Reading on another forum, the attacker seems to chain with Node.js and npm for the attack. Plus, the AUR maintainer change for old packages uses a stupid policy. Anyone can crawl the AUR package list, see if any are orphaned or unmaintained, send a request to take over the package, wait ~2 weeks, get no response from the old maintainer, automatically be given maintainer status, then proceed to push the malware; thus the huge 15k pwned-package estimate.
While the AUR does plaster a few warnings of dragons ahead, people let their guard down because historically it Just Works®. Next we’ll probably see Docker images from Docker Hub or the GitHub registry being pwned too, just because people are automatically pulling and installing random unvetted stuff without a care in the world. Open source/FOSS doesn’t mean YOLO trusting everyone, especially if you can’t read the source code yourself. Especially with AI LLMs nowadays, any Joe Blow can be a script kiddie pwning stuff left and right.
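A defender-side check for the handover pattern described in the post, as an added example that is not part of the original thread: it compares two saved snapshots of metadata for the AUR packages installed on a host and flags packages that changed hands and were rebuilt right after. The record shape (Name, Maintainer, LastModified, Version) is assumed to match what the AUR RPC `info` query returns, and the snapshot data below is constructed, not real package history.

```python
"""Flag installed AUR packages whose maintainer changed between two crawls."""

# Constructed snapshots (not real AUR data): the metadata a host could save
# for its installed AUR packages on two successive days.
OLD_SNAPSHOT = [
    {"Name": "foo-bin", "Maintainer": "alice", "LastModified": 1700000000, "Version": "1.2-1"},
    {"Name": "bar-git", "Maintainer": None, "LastModified": 1690000000, "Version": "0.9-1"},
    {"Name": "baz", "Maintainer": "carol", "LastModified": 1695000000, "Version": "2.0-1"},
]
NEW_SNAPSHOT = [
    {"Name": "foo-bin", "Maintainer": "alice", "LastModified": 1700000000, "Version": "1.2-1"},
    {"Name": "bar-git", "Maintainer": "mallory", "LastModified": 1701000000, "Version": "0.9-2"},
    {"Name": "baz", "Maintainer": "dave", "LastModified": 1695000000, "Version": "2.0-1"},
]


def maintainer_changes(old, new):
    """Return one finding per package whose Maintainer differs between snapshots.

    An orphaned package (Maintainer None) that gained a maintainer is the
    orphan-request takeover the post describes; a direct transfer is also
    reported, since co-maintainer changes are worth a look too.
    """
    previous = {pkg["Name"]: pkg for pkg in old}
    findings = []
    for pkg in new:
        before = previous.get(pkg["Name"])
        if before is None or before["Maintainer"] == pkg["Maintainer"]:
            continue  # new to this host, or same maintainer: nothing to flag
        kind = "orphan adopted" if before["Maintainer"] is None else "maintainer transferred"
        findings.append({
            "name": pkg["Name"],
            "change": kind,
            "old_maintainer": before["Maintainer"],
            "new_maintainer": pkg["Maintainer"],
            "old_version": before["Version"],
            "new_version": pkg["Version"],
            # A push right after the handover is the sequence to review
            # (read the PKGBUILD diff before rebuilding).
            "modified_since_handover": pkg["LastModified"] != before["LastModified"],
        })
    return findings


def needs_review(findings):
    """Names of packages that changed hands and were rebuilt afterwards."""
    return [f["name"] for f in findings if f["modified_since_handover"]]


if __name__ == "__main__":
    for finding in maintainer_changes(OLD_SNAPSHOT, NEW_SNAPSHOT):
        print(finding)
    print("review before next update:", needs_review(maintainer_changes(OLD_SNAPSHOT, NEW_SNAPSHOT)))
```

Feeding it real data only needs the two snapshots to be pulled from the AUR RPC for the packages listed by `pacman -Qm`; everything else stays as shown.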