We aren't done yet with the AUR attacks. Another pattern has been reported, and this one is /just/ a little bit more elaborate. It's still a similar supply-chain attack.
This one uses bun to fetch nextfile-js, one of the infostealers used in previous attacks.
lists.archlinux.org/archives/lis...
