
I once discovered a botnet running on my Ubuntu system. I always assumed a PPA was the culprit. The IP addresses were Gazprom, some stuff in China, a ton of others, etc - too long ago to remember details. I also remember when I first started with Arch, which at that time had unsigned packages.

Edit: comment truncated by sleeping aid. I've gone dumb, but also remember the router suffering too, even after a hard reset, Westell, I think.




> I also remember when I first started with Arch, which at that time had unsigned packages.

Very much at the urging of Arch maintainers not to, people are using package managers to install stuff from AUR, where literally anyone can upload PKGBUILDs.

Another easy vector (for developers) is language package managers. E.g. Rust's Cargo runs build scripts (small Rust programs for configuration) for many crates, unsandboxed.
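An added example, not part of the thread: a small audit that lists which crates in a dependency graph ship code Cargo runs on the build host, using the JSON from `cargo metadata --format-version 1`. It goes slightly beyond the comment by also flagging proc-macro crates, which likewise execute at compile time; the crate names in `SAMPLE` and the helper names are constructed for illustration.

```python
import json
import subprocess
import sys

# Target kinds that Cargo compiles and then executes on the build host.
HOST_EXEC_KINDS = {"custom-build": "build script", "proc-macro": "proc macro"}
REGISTRY = "registry+https://github.com/rust-lang/crates.io-index"


def host_code_crates(metadata):
    """Return sorted (name, version, reason, source) for crates with build-time code."""
    findings = set()
    for pkg in metadata.get("packages", []):
        # "source" is null for path/workspace crates, a registry or git URL otherwise.
        source = pkg.get("source") or "local"
        for target in pkg.get("targets", []):
            for kind in target.get("kind", []):
                if kind in HOST_EXEC_KINDS:
                    findings.add((pkg["name"], pkg["version"],
                                  HOST_EXEC_KINDS[kind], source))
    return sorted(findings)


def load_metadata(manifest_dir):
    """Run cargo in the given project directory and parse its JSON output."""
    result = subprocess.run(["cargo", "metadata", "--format-version", "1"],
                            cwd=manifest_dir, check=True,
                            capture_output=True, text=True)
    return json.loads(result.stdout)


# Constructed sample, trimmed to the fields used above (hypothetical crates).
SAMPLE = {"packages": [
    {"name": "my-app", "version": "0.1.0", "source": None,
     "targets": [{"kind": ["bin"]}, {"kind": ["custom-build"]}]},
    {"name": "example-sys", "version": "1.2.3", "source": REGISTRY,
     "targets": [{"kind": ["lib"]}, {"kind": ["custom-build"]}]},
    {"name": "example-derive", "version": "0.4.0", "source": REGISTRY,
     "targets": [{"kind": ["proc-macro"]}]},
    {"name": "plain-lib", "version": "2.0.0", "source": REGISTRY,
     "targets": [{"kind": ["lib"]}]},
]}

if __name__ == "__main__":
    # With a project path, audit that project; otherwise use the sample.
    meta = load_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, version, reason, source in host_code_crates(meta):
        print(f"{name} {version}: {reason} ({source})")
```

`cargo metadata` resolves and downloads dependencies without compiling them, so the list can be reviewed before any build script has run.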



