What happened
Starting June 11, 2026, attackers adopted more than 400 packages in the Arch User Repository that had been abandoned by their original maintainers. Arch Linux allows community members to claim maintainership of unmaintained packages. The attackers used this feature as designed, adopted the packages legitimately, and then modified the PKGBUILD build scripts to pull a malicious npm package called atomic-lockfile during installation.
The atomic-lockfile payload drops a Rust binary named deps. When executed, deps harvests browser cookies and saved credentials, SSH private keys, GitHub personal access tokens, and session tokens from Slack, Discord, and Microsoft Teams.
When the binary runs with root privileges (which AUR package builds often do), it also loads an eBPF rootkit that hides the binary from process listings, network connections, and standard filesystem inspection. The combination of an infostealer and a rootkit makes post-infection detection significantly harder than a standalone credential theft payload.
Attackers spoofed git commit metadata to make the malicious changes appear to come from the original maintainer or a trusted contributor. A casual review of the commit history would not immediately surface the modification.
Who is affected
Any Arch Linux or Arch-based distribution user (Manjaro, EndeavourOS, Garuda, and others) who built and installed an affected AUR package from June 11, 2026 onward is potentially compromised. The campaign specifically targeted orphaned packages, which tend to be installed by developers building specialized environments, making the credential theft particularly high-value.
Immediate steps
If you installed any AUR package in the affected window:
- Rotate all SSH keys immediately. Assume any private key on the system was exfiltrated.
- Revoke and regenerate GitHub personal access tokens.
- Log out of all Slack, Discord, and Teams sessions and rotate those tokens.
- Change browser-stored passwords and enable session rotation in your browser.
- Check your system for unexpected eBPF programs using bpftool prog list. Any unknown entries warrant investigation.
- Consider rebuilding affected systems from a known-clean image, particularly if the malware ran as root.
The structural problem
The AUR has no mandatory security review for package contributions or for package adoption. That is a design choice, not an oversight. The repository prioritizes ease of contribution and community maintainership over intake security. This is not going to change in response to this incident.
The correct frame for this is not 'Arch should have prevented this' but rather 'community package repositories without formal intake review are permanent supply chain attack surfaces.' The Atomic Arch campaign is one more instance of attackers exploiting that structural property, following similar patterns seen in npm, PyPI, and RubyGems across 2022-2026.
Developers who use AUR packages should treat them with the same scrutiny they apply to third-party code in any other context: read the PKGBUILD before running it, check the commit history and author, prefer packages with active maintainers and community reviews, and never run AUR package builds as root in a production or sensitive environment.
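A starting point for the "read the PKGBUILD before running it" advice above, as an added example that is not a tool from the original post: a POSIX shell function that flags package-manager installs and network fetches inside a PKGBUILD's build functions, where makepkg's source= checksum verification does not apply. The sample PKGBUILD is constructed, and its package name and URL are placeholders.

```shell
# Constructed sample PKGBUILD: a checksummed source= array plus an npm fetch
# injected into build(), the pattern described above. Name and URL are placeholders.
SAMPLE_PKGBUILD='pkgname=example-tool
pkgver=1.2.3
pkgrel=1
arch=(x86_64)
source=("https://example.invalid/example-tool-$pkgver.tar.gz")
sha256sums=("0000000000000000000000000000000000000000000000000000000000000000")

build() {
  cd "$srcdir/$pkgname-$pkgver"
  npm install atomic-lockfile   # injected: fetched at build time, never checksummed
  make
}

package() {
  cd "$srcdir/$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
}'

# write_sample FILE: write the constructed PKGBUILD to FILE.
write_sample() { printf '%s\n' "$SAMPLE_PKGBUILD" > "$1"; }

# audit_pkgbuild FILE: print every line inside prepare()/build()/check()/
# pkgver()/package*() that runs a package-manager install or a network fetch.
# Those lines execute outside makepkg's source= checksum verification, so each
# one deserves a manual look. Returns 1 if anything was flagged, else 0.
audit_pkgbuild() {
  awk '
    /^(prepare|build|check|pkgver|package[^(]*)\(\)/ { infn = 1; next }
    infn && /^}/ { infn = 0; next }
    infn && /(npm|pnpm|yarn|pip3?|cargo|gem|go) +(install|i|add|get)|curl|wget|git +clone/ {
      printf "%s:%d: %s\n", FILENAME, NR, $0
      found = 1
    }
    END { exit found + 0 }
  ' "$1"
}

# Stand-alone demonstration against the constructed sample.
demo="$(mktemp)"
write_sample "$demo"
if audit_pkgbuild "$demo"; then
  echo "no fetch commands inside build functions"
else
  echo "review the flagged lines before running makepkg"
fi
rm -f "$demo"
```

A flagged line is a prompt for review, not a verdict: some Node or Go packages legitimately fetch dependencies in build(), but the maintainer change, the commit author and the fetched package should then be checked before building.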
Gigia Tsiklauri is a Security Architect and founder of Infosec.ge. Get in touch if you maintain packages in public repositories and want to discuss supply chain security controls.