No, the other half would simply get lucky and the malware wouldn't reach them.
No malware can reach every system, especially in the Linux world which is so fragmented. Users will only use repos relevant to them - for example, Fedora users won't use AUR/PPA, malware on crates.io would only reach Rust developers etc. Also, it would be much harder to get malware into any distro's primary repos than dedicated "lower standards" repos like PPA/COPR/AUR, which many users simply don't use. And realistically malware authors will only be able to infect some packages, and for some time.
No malware can reach every system, especially in the Linux world which is so fragmented. Users will only use repos relevant to them - for example, Fedora users won't use AUR/PPA, malware on crates.io would only reach Rust developers etc. Also, it would be much harder to get malware into any distro's primary repos than dedicated "lower standards" repos like PPA/COPR/AUR, which many users simply don't use. And realistically malware authors will only be able to infect some packages, and for some time.