by addandsubtract 514 days ago
Apparently, it was collecting passwords from victim machines. So, step one would be to remove everything the script put onto your machine. Step two would be to change your passwords.
3 comments

Step one is to unplug the machine from the internet. Step two is to use another machine to change all your passwords, starting with the “pivot” passwords - your password manager master password, your email accounts, your AppleID, your mobile provider - followed by financial accounts and then all others. While changing passwords, make sure to “invalidate all sessions” where possible.

Only after you’ve done all this should you move on to Step 3: reformat your computer and install the OS from scratch.

Step 3 should probably be reinstalling the OS, and restoring data from backup (ideally from before the malicious version was installed).
And install uBlock Origin going forward.
Is there any way to check if you're affected? I just happened to install Homebrew while the malicious site was up and now I'm not sure if I installed the legit version.
Check if /tmp/update exists. If it does, you’re infected.
I think the malware tries to delete this file. So, it won't be a reliable method to identify whether you were infected.