Atomic Arch campaign: 1,500 AUR packages hijacked with an infostealer and an eBPF rootkit
Summary
The Atomic Arch campaign hijacked over 1,500 AUR packages by injecting a post-install command that downloads a malicious npm package containing a credential stealer and an eBPF rootkit. The rootkit can hide processes, files and network connections and is hard to detect, which highlights supply-chain risks in open-source package ecosystems. The article outlines direct and indirect impacts, defenses, and long-term governance questions for AUR and similar community repositories.
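
A defensive check for the injection point described above, as an added example (not code from the article or from any AUR tooling): it scans a package's .install scriptlet for pacman hook functions that invoke a package manager or downloader. The command watch list and the sample scriptlet are assumptions constructed for illustration.

```python
import re

# pacman install-scriptlet hook names (part of the .install file format)
HOOKS = ("pre_install", "post_install", "pre_upgrade", "post_upgrade",
         "pre_remove", "post_remove")
HOOK_RE = re.compile(r"^\s*(?:function\s+)?(%s)\s*\(\s*\)" % "|".join(HOOKS))
# Assumed watch list: commands that fetch code from the network at install time
FETCH_RE = re.compile(r"(?<![\w-])(npm|npx|pnpm|yarn|curl|wget)(?![\w-])")

# Constructed sample scriptlet, not taken from any real package
SAMPLE = """\
# refresh caches after install
post_install() {
    echo "Updating icon cache"
    npm install --global example-placeholder-pkg >/dev/null 2>&1
}

post_upgrade() {
    post_install
}
"""


def scan_install_script(text):
    """Return [(hook, line_no, command, line)] for fetch commands inside hooks."""
    findings, hook, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # naive comment strip; ignores '#' in strings
        if hook is None:
            m = HOOK_RE.match(line)
            if not m:
                continue  # outside any hook: build() etc. are not judged here
            hook, depth = m.group(1), 0
            line = line[m.end(1):]
        depth += line.count("{") - line.count("}")
        for m in FETCH_RE.finditer(line):
            findings.append((hook, no, m.group(1), raw.strip()))
        if depth <= 0 and "}" in line:
            hook = None  # closing brace of the hook body
    return findings


if __name__ == "__main__":
    for hook, no, cmd, line in scan_install_script(SAMPLE):
        print(f"{hook}: line {no}: {cmd}: {line}")
```

The scan is a heuristic: a hook that calls a helper function defined elsewhere in the file, or that obfuscates the command name, is not caught, so a hit is a reason to read the scriptlet and a miss is not a clean bill of health.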