400+ Arch Linux AUR Packages Hijacked for Credential Stealer

Attackers took over more than 400 packages in the Arch User Repository (AUR) and rewrote their build scripts to install a Rust-based credential stealer. The malware can also load an eBPF rootkit if run with root. The official Arch repositories were not affected. The campaign, named Atomic Arch, targeted orphaned packages whose maintainers had abandoned them.