“An Arch Linux user on Wednesday uploaded malicious AUR packages of firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin. These AUR packages ended up installing a binary file from a GitHub repository that ended up being a remote access trojan.”

https://www.phoronix.com/news/Arch-Linux-Malicious-AURs