Arch Linux Alert: Malicious Firefox, LibreWolf, & Zen Web AUR Packages Spread CHAOS RAT
Ddos 
If you are an Arch Linux user and have installed Mozilla Firefox, LibreWolf, or Zen Web from the AUR repository in recent days, you are strongly advised to uninstall and reinstall them immediately. The previously available versions were compromised with a Remote Access Trojan (RAT).
Recently, a threat actor uploaded maliciously modified versions of several packages to the AUR repository, embedding backdoors within them. Although the tampered versions were detected and purged from AUR within two days, some users may have inadvertently installed the infected builds.
It is worth noting that all three affected browsers share a common originβFirefox. LibreWolf is a privacy-focused fork that strips telemetry components, while Zen Web reimagines the Firefox interface, offering enhanced UI and additional features.
The motivation behind the attacker’s decision to target these specific Firefox-based browsers remains unclear. Interestingly, no Chromium-based browsers appear to have been affected, so users relying on Chrome variants have no cause for concern.
In theory, uninstalling and reinstalling a clean version of the affected software should remediate the issue. However, given the nature of RAT infections, users concerned about lingering compromise are advised to scan their systems using reputable Linux security tools. For those seeking complete peace of mind, a full system reinstallation may be the most prudent course of action.
Related Posts:
- Microsoft’s Oops: Update Uninstalls Copilot AI
- Hackers launched SSH brute-force attacks on Linux systems to deploy Chaos backdoors
- Major npm flaw crashes Linux Systems, force users to reinstall
- Quick Fixes to Kernel Security Check Failure
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
