Arch Linux has suspended new account registrations on the Arch User Repository (AUR) due to a significant supply chain attack, known as Atomic Arch, which involves over 1,500 malicious packages. The attack began with modifications to abandoned packages that execute harmful npm code upon installation. Attackers have shifted tactics to avoid detection, employing tools like eBPF for persistent malware that conceals processes and credentials.
Arch Linux is currently working to identify and eliminate malicious commits, advising users that any compromised system should be rebuilt from clean media and all credentials rotated.