The Arch Linux project has sent out <a href="https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/7EZTJXLIAQLARQNTMEW2HBWZYE626IFJ/">an
advisory</a> warning that a set of malicious packages, containing a remote
access trojan, were uploaded to the Arch User Repository (AUR).  The
affected packages were librewolf-fix-bin, firefox-patch-bin, and
zen-browser-patched-bin.  "<q>We strongly encourage users that may have
installed one of these packages to remove them from their system and to
take the necessary measures in order to ensure they were not
compromised.</q>"