Post Syndicated from corbet original https://lwn.net/Articles/1030603/

The Arch Linux project has sent out an
advisory warning that a set of malicious packages, containing a remote
access trojan, were uploaded to the Arch User Repository (AUR). The
affected packages were librewolf-fix-bin, firefox-patch-bin, and
zen-browser-patched-bin. “We strongly encourage users that may have
installed one of these packages to remove them from their system and to
take the necessary measures in order to ensure they were not
compromised.“