Atomic Arch: AUR Package Takeover Delivers Infostealers and eBPF Rootkits
Attackers adopted orphaned Arch User Repository (AUR) packages using forged commit signatures to inject npm and bun dependency executions. The rogue packages 'atomic-lockfile' and 'js-digest' delivered a Rust credential stealer, systemd persistence, and an eBPF rootkit.