Skip Navigation

Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy

Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy | The CyberSec Guru

On June 11, 2026, the Atomic Arch supply chain attack backdoored 900+ Arch Linux AUR packages with the 'deps' infostealer and an eBPF rootkit

Atomic Arch is a major AUR supply-chain attack (over 1.5K packages affected as of now) where attackers hijacked orphaned Arch packages and used malicious install hooks to pull npm payloads that executed a Linux ELF infostealer. It targeted developer secrets like SSH keys, GitHub/npm tokens, browser sessions, Docker/Vault credentials, and chat app data, while also using an eBPF rootkit to hide itself when run as root.

Comments

1