400+ AUR Packages Backdoored to Steal OpenAI and SSH Keys
Key insights
- Over 400 AUR packages were backdoored from June 11, 2026, via orphaned package adoption and PKGBUILD manipulation; a second wave pushed the count higher.
- Two malicious packages, `atomic-lockfile` and `js-digest`, dropped credential stealers targeting SSH keys, OpenAI tokens, HashiCorp Vault credentials, and Docker configs.
- Root-executed payloads deploy an eBPF rootkit hiding processes and socket inodes via pinned BPF maps, with C2 routed through Tor.
Why this matters
Developer workstations running Arch Linux hold SSH credentials, API tokens, and cloud configs that bypass application-layer controls and grant direct access to production infrastructure. The attack exploited AUR's orphan-adoption model and spoofed git commit metadata, defeating standard supply chain defenses like pinned versions or top-level hash verification. The explicit targeting of OpenAI tokens and HashiCorp Vault credentials signals deliberate pursuit of AI infrastructure access, not generic commodity credential theft.
Summary
Over 400 Arch Linux AUR packages were backdoored starting June 11, 2026, after attackers adopted orphaned packages and rewrote PKGBUILD and .install scripts to pull malicious npm and bun payloads during the build process.
Two payload waves landed in sequence: `atomic-lockfile` via npm dropped a Linux ELF binary called "deps"; a second wave deployed `js-digest` via bun. Both payloads harvest SSH keys, shell histories, known_hosts, GitHub and OpenAI tokens, HashiCorp Vault credentials, Docker and Podman configs, and browser sessions from Chromium-based and Electron apps including Slack, Discord, and Teams.
Essentially: (AUR, Sonatype) are at the center of a CVSS 8.7 developer supply chain attack tracked as Sonatype-2026-003775.
- Spoofed git commit metadata made poisoned packages appear from legitimate, established maintainers.
- Root execution loads an eBPF rootkit hiding processes and socket inodes using pinned BPF maps.
- C2 routes through a Tor onion service via local proxy; stolen data exfiltrates to temp.sh over HTTP.
With OpenAI and HashiCorp Vault tokens explicitly in the malware's scope, any developer who built or updated an AUR package after June 11 carries active risk to cloud and AI infrastructure.
Potential risks and opportunities
Risks
- Developers at AI companies who updated AUR packages after June 11 may have exposed OpenAI API keys and HashiCorp Vault tokens, enabling attackers to access model infrastructure without triggering standard perimeter controls.
- Exfiltration routed through Tor and temp.sh complicates forensic recovery; affected organizations may not know what was taken before attackers act on stolen credentials.
- The eBPF rootkit hides processes and socket inodes via pinned BPF maps, meaning infected Arch Linux systems may remain compromised after package removal without full disk reimaging.
Opportunities
- Supply chain security firms (Sonatype, Chainguard, Socket) can accelerate AUR-specific scanning products into an Arch Linux developer market previously underserved by commercial tooling.
- Secrets management vendors (HashiCorp, 1Password) gain a high-profile case study to push short-lived credential rotation features to at-risk development teams.
- The Arch Linux project and AUR maintainers face immediate pressure to implement orphan-adoption auditing and PKGBUILD integrity verification pipelines, opening demand for open-source security tooling.
What we don't know yet
- Attacker attribution: no threat actor group or country of origin has been identified in public reporting as of June 13, 2026.
- Whether any stolen credentials have already been used against downstream production systems, and which specific organizations were impacted.
- How long orphaned packages were available for adoption before attackers claimed them, which determines the true exposure window preceding June 11.
Originally reported by thehackernews.com
Read the original article →Original headline: Over 400 Arch Linux AUR Packages Hijacked in 'Atomic Arch' Supply Chain Attack — Rust Credential Stealer and eBPF Rootkit Target Developer Keys, Tokens, and SSH Credentials