Hello there, this is my first time using a mailing list :) I've run some checks on my machines and found that at least libgdata and subbrute are present on my PCs. However, they were both last updated several months ago, so I can't verify for sure whether the malware is present or not.
I was thinking of cross-referencing expac info about installed packages against git log dates, but since the malicious commits were removed from the AUR with --force, I'm not sure how to do that anymore -- especially as my setup cleans .cache/yay regularly, so I don't have the local clones to inspect either. Having a list with the malicious commit hashes and dates would likely help automate checks for folks like me. Vladimir T
