AUR Compromised - Almost 2000 packages affected - 20260611

There is already a script to check if you are infected in the OP.

Here too:

stop piping curl to bash :man_facepalming:

Running scripts remotely is a terrible idea unless you first thoroughly checked the script and made sure you understand every letter. Running the script also makes sense only if you have a bunch of AUR packages, which is already a serious red flag that should urge you to re-examine your priorities and decision-making process. If you only have one or two AUR packages, open the script in the browser, do CTRL + F and see if the package is in the list, and if yes (hopefully not), simply check the installation date with pacman -Qi.

how to do this? remoting into my system from a smartphone.

Has the list of affected packages been finalized? Reason I ask is that one package I used, wire-desktop, was installed in January and not updated since, so I'm not worried about that one. I did however install balena-etcher on Jun 10th; while it isn’t in the list, it is an old package. Any ideas?

Just wanted to call awareness to the fact that the checkup script may falsely report no compromised packages if user locale does not format dates with month before day… which a lot of locales do not…
EDIT: missed the LC_ALL overwrite ignore me

no wait I’m stupid actually the script accounts for this with an env overwrite LC_ALL=C right there :stuck_out_tongue:

I would not count on it.

Looks like I’m nice and safe, thank you for the command script :slight_smile:

Simply check the PKGBUILD of the package you suspect. If it has added npm out of nowhere, replaced the maintainer, and has a post_install script that uses npm to install atomic-lockfile and yargs, then you have installed a malicious package.

or bun, or whatever other variations are around, assuming the package didn’t cover its tracks
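An added example (not from the thread, not part of any Arch or AUR tooling) of checking a PKGBUILD update and its .install script for the indicators named in the two replies above: a maintainer swap, a JS package runner (npm, bun, etc.) appearing out of nowhere, and an install hook that uses it to pull in atomic-lockfile and yargs. The sample PKGBUILDs, maintainer names and package name are constructed.

```python
import re

# Constructed samples (not from the thread, not a real AUR package): previous PKGBUILD, suspicious update, its .install script.
OLD_PKGBUILD = """\
# Maintainer: Original Person <orig@example.invalid>
depends=('glibc')
"""
NEW_PKGBUILD = """\
# Maintainer: Someone Else <new@example.invalid>
depends=('glibc' 'npm')
"""
NEW_INSTALL = """\
post_install() {
  npm install -g atomic-lockfile yargs
}
"""
JS_RUNNERS = ("npm", "bun", "npx", "yarn", "pnpm")  # bun per the follow-up reply
FLAGGED_PKGS = ("atomic-lockfile", "yargs")         # names given in the thread

def maintainer(pkgbuild):
    # Value of the '# Maintainer:' comment line, or None if absent.
    m = re.search(r"^#\s*Maintainer:\s*(.+)$", pkgbuild, re.M)
    return m.group(1).strip() if m else None

def js_runners_in(text):
    # JS package runners appearing as whole tokens (deps, commands, hook bodies).
    tokens = set(re.findall(r"[A-Za-z0-9_.-]+", text))
    return {r for r in JS_RUNNERS if r in tokens}

def hooks_using_runners(install_script):
    # Shell function name -> runners invoked in its body (a top-level '}' closes each body).
    return {name: js_runners_in(body)
            for name, body in re.findall(r"(\w+)\s*\(\)\s*\{(.*?)\n\}", install_script, re.S)
            if js_runners_in(body)}

def audit(old_pkgbuild, new_pkgbuild, install_script=""):
    # Findings for the indicators named in the thread; an empty list means none of them fired.
    findings = []
    if maintainer(old_pkgbuild) != maintainer(new_pkgbuild):
        findings.append(f"maintainer changed: {maintainer(old_pkgbuild)!r} -> {maintainer(new_pkgbuild)!r}")
    added = js_runners_in(new_pkgbuild) - js_runners_in(old_pkgbuild)
    if added:
        findings.append("JS runner newly referenced in PKGBUILD: " + ", ".join(sorted(added)))
    for hook, runners in hooks_using_runners(install_script).items():
        findings.append(f"{hook}() invokes {', '.join(sorted(runners))}")
    flagged = [p for p in FLAGGED_PKGS if p in install_script]
    if flagged:
        findings.append("install hook references: " + ", ".join(flagged))
    return findings
```

Feed it the PKGBUILD from your local cache (or the AUR git history) as the old version and the freshly fetched one as the new version; any finding is a reason to read the whole file before building.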

It has become safer.

I would ignore @worknix since Garuda has taken great steps to make Chaotic fairly safe.

There have been so many posts here including random side arguments that I am not going to go through them one-by-one.

If I missed some important query or similar do let me know.

Weird as that was put in place something like minutes after the original string that used the dates at all (which in turn were within the first hour or 2 of the post).. but different timed downloads could make some reports make more sense.

As we have now had at least 3 different waves with slightly different compositions it would be hard to say. But currently the pasted list (and the one used in the scripted versions) now contains almost 1600 packages and is, as far as I know, the most comprehensive of any such index.

Side discussion

Yes, definitely. The fact that Chaotic AUR isn’t well-regarded here might also be due to Garuda’s involvement. There was even a recommendation on this forum not to install the “flawed” Garuda in the first place. Although that recommendation came with the caveat that the person wasn’t up to date on Garuda, I still don’t think it’s right to badmouth another Linux distribution here.

I’d like to be extra safe. Should I install a malware scanner or antivirus? If so, what should I install?

So guessing it’s not a safe time to install?

CachyOS does not use the AUR but rather their own repos, which are well vetted, and most of the affected packages should have been reverted by now on the AUR, but it’s still the AUR and you install anything on there at your own risk.