Atomic Arch npm Campaign Adds Malicious Dependency

Sonatype researchers identified Atomic Arch, a campaign that takes over orphaned Arch User Repository packages and alters PKGBUILDs to install a malicious npm dependency during installation. The dependency, atomic-lockfile, includes a Linux payload linked to credential harvesting, stealth, anti-debugging, and possible data exfiltration.