What is the sandbox user '_apt' on my system

I ran rkhunter and found out a warning, that there is a new user called _apt on my Ubuntu 16.04

$ grep _apt /etc/passwd
_apt:x:124:65534::/nonexistent:/bin/false

All I found out is, that it seems that this is a kind of sandbox user for "advanced persistent threats". But what exactly is this?


Solution 1:

The user _apt is created by the postinst script of the apt package (/var/lib/dpkg/info/apt.postinst):

 # add unprivileged user for the apt methods
 adduser --force-badname --system --home /nonexistent  \
     --no-create-home --quiet _apt || true

It's the owner of /var/cache/apt/archives/partial and /var/lib/apt/lists/partial and used by APT to download packages, package list, and other things.