A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
So far I’ve just checked the diff of every package update. But with that many, I think we should maybe start using using the script provided in the article that you evidently didn’t read.
I read another article before which did not mention the script but only listed all affected packages. So yeah I should read this article :)