Arch Linux distroshas pulled as many as three user-maintained software packages after it was found hosting malicious code. AUR (Arch User Repository) repository has recently been found hosting malware code in several instances, including a PDF viewer. Users should carefully check all files, especially PKGBUILD and any.install file for malicious commands, says Arch’s Giancarlo Razzolini. The incident has sparked a debate about the security of untrusted software packages.
Source: https://thehackernews.com/2018/07/arch-linux-aur-malware.html