{
  "title": "Atomic Arch: AUR Package Takeover Delivers Infostealers and eBPF Rootkits",
  "summary": "Attackers adopted orphaned Arch User Repository (AUR) packages using forged commit signatures to inject npm and bun dependency executions. The rogue packages 'atomic-lockfile' and 'js-digest' delivered a Rust credential stealer, systemd persistence, and an eBPF rootkit.",
  "date": "2026-06-12",
  "severity": "critical",
  "tags": [
    "aur",
    "arch",
    "npm",
    "bun",
    "ebpf",
    "rootkit",
    "credential-theft",
    "infostealer"
  ],
  "sources_count": 6,
  "indicators": {
    "slug": "atomic-arch-aur-compromise",
    "since": "2026-06-09T00:00:00Z",
    "until": "2026-06-12T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "olrh4mibs62l6kkuvvjyc5lrercqg5tz543r4lsw3o6mh5qb7g7sneid.onion"
    ],
    "urls": [
      "https://temp.sh/upload`"
    ],
    "ips": [],
    "hashes": [
      "6144d433f8a0316869877b5f834c801251bbb936e5f1577c5680878c7443c98b",
      "7883bda1ff15425f2dbe622c45a3ae105ddfa6175009bbf0b0cad9bf5c79b316",
      "47893d9badc38c54b71321263ce8178c1abb10396e0aadf9793e61ec8829e204"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}