If you are an Arch Linux user and installed Mozilla Firefox, LibreWolf or Zen Web from the AUR repository in the past few days, please delete and reinstall immediately as the previously installed version is infected with the RAT remote access Trojan.
Earlier, some software in the AUR repository was submitted by malicious actors with malicious versions containing backdoors. Although these malicious versions were detected and removed from the AUR repository 2 days after they were released, some users may still install versions with backdoors.
It is worth noting that the above three browsers are actually of the same origin. LibreWolf is based on Firefox and deletes the telemetry part. Zen Web is based on Firefox and redesigns the user interface to provide better UI and various functions.
It is unclear why malicious actors would choose these three Firefox-based browsers at the same time. Other browsers based on the Chromium engine are not affected, so users using the Chrome version do not need to worry.
Theoretically, users should be able to solve the problem by uninstalling and reinstalling a clean version. However, considering the RAT remote access Trojan, if users are still worried, they can consider using Linux security software to scan. If they are still worried, they can consider reinstalling the system directly.