I’ve been using Manjaro Gnome for a few months now and quite like it… I’ve found alternative software for what I use and have win 10 loaded into virtual box just in case. But this whole time I’ve kept onto my MacBook and have been using it for banking, keepassxc and Crypto investments. I"m at the point where I could use Linux as my main OS but am paranoid about doing finances on it as AUR is populated by 3rd parties and the software isn’t coming directly from the original developer/company, which makes me feel unsafe. I’ve run ClamAV and RK hunter on my machine and it is clean but I’m still hesitant. For example, how do I know that ledger live from PACMAN is legit and I won’t get my crypto holdings stolen. I have read that malware via PACMAN is very rare, and there are moderators who check the packages, but that is me trusting a third party, and potentially putting my assets at risk of being swindled. Or how do I know that any of the other packages I installed don’t have keyloggers or screen recorders?
It most likely is coming from the developer/company, you can check the source in the PKGBUILD. It’s always good practice to read what the PKGBUILD is going to do before installing from the AUR.
Edited to add:
This is in the official Manjaro repository, packaged by Oberon
If you want to be save there is the possibility to use a separate linux (booted from CD) to do financial transactions. (But don’t do anything else from there)
Other things like doing work, writing emails, surfing in the internet, visiting a forum, playing games do with an update-able installation.
Once in a year, create a new CD to keep security tight.
No virus can infect a CD after it is burned. If you don’t do silly things right before doing your financial transaction, the RAM also will be free of bad programs.
If you’re paranoid about the system security. You can try to hardening your system by following the steps here: https://wiki.archlinux.org/title/Security
Just remember that too many security settings will make the system unusable.