A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
So, I’m totally fine because I always manually install from the AUR? This is more of a problem for people using those AUR helpers that make a package manager out of it, right?
I don’t think it matters how you installed infected AUR packages.