I downloaded a cracked install from tpb (haxnode). It was a loader exe that loaded the original exe and supposedly removed the drm in RAM. It required admin permissions, I didn't trust it, but i ran in a vm and nothing happened.
Then i told myself "i have microsoft defender and windows firewall control, they will warn me" and I ran it in my main laptop, and still nothing happened. Like, literally nothing happened. The original program would not start. It would simply exit. Nothing. The other 6 almost identical torrents from the same uploader but with a different program version had a similar result. I gave up.
Then i reboot, and firstly i notice a couple DOS prompts flashing on the screen, and windows firewall control asking me if "aspnet_compiler.exe" is allowed to access the internet or not.
Suspicious, i go to check that "aspnet_compiler.exe" and it's located in the .net system folder, i scan it with microsoft defender and it doesn't report as a virus. I do not pay attention to the fact that it doesn't have a valid Microsoft signature, and i tell myself "probably just a windows update" and i whitelist it on the firewall.
After a few hours I realize "wait a minute: it's impossible that an official windows exe isn't signed by microsoft!" I go back to scan it, not infected... or it looks like, defender says "ignored because in whitelist". What? The "loader" put c:* in the whitelist!
The "crack loader" wasn't a virus per se. It dropped an obfuscated batch in startup, which had a base64 encoded attachment of the actual malware, that was copied in the .net framework directory with unassuming names...
And this for a $60 perpetual license program that i should buy anyway because it's for work
Not for long, Linux will get targeted like this as it becomes more popular. It's more of an argument for OpenBSD if anything, since OpenBSD will never be popular on desktop and it's developers take security very seriously.
You're probably not wrong. The AUR has become an increasingly more popular target for malware.
Ubuntu had issues with it's snap store as well. I think there will be more security oriented distros in the future like Kodachi, but it's best to be cautious in general these days.
Lest we forget about the Xubuntu malware thing that just happened recently. It only targeted windows users though.
There are two layers to this (actually a lot more but)
What you are describing is mostly supply chain. It is the idea that the package manager's inventory should be safe. And that is already a nigh impossible task simply because so many of the packages themselves can be compromised. It seems like every other year there is a story of bad actors infiltrating a project either as an attack or as a "research paper". But the end result is you have core libraries that may be compromised.
But the other side is what impacted OP and will still be an issue even if said supply chain is somehow 100% vetted. People are inherently going to need things that aren't in a package manager. Sometimes that is for nefarious reasons and sometimes it is just because the project they are interested in isn't at the point where it is using a massive build farm to deploy everywhere. Maybe it involves running blind scripts as root (don't fucking do that... even though we all do at some point) and sometimes it involves questionable code.
And THAT is a very much unsolved problem no matter what distro. Because, historically, you would run an anti-virus scan on that. How many people even know what solutions there are for linux? And how many have even a single nice thing to say about the ones that do?