There is currently a malicious attack going towards the AUR, in the form of a botnet impersonating git users/maintainers to take over packages and adding a malicious payload.

Arch team is aware and working hard to reset/delete the affected commits and packages.