Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy (thecybersecguru.com)

submitted 12 hours ago by WPSteam@lemmy.world to c/cybersecurity@infosec.pub

0 comments fedilink hide all child comments

Atomic Arch is a major AUR supply-chain attack (over 1.5K packages affected as of now) where attackers hijacked orphaned Arch packages and used malicious install hooks to pull npm payloads that executed a Linux ELF infostealer. It targeted developer secrets like SSH keys, GitHub/npm tokens, browser sessions, Docker/Vault credentials, and chat app data, while also using an eBPF rootkit to hide itself when run as root.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 13 Jun 2026

12 points (100.0% liked)

cybersecurity

6217 readers

128 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub