Apparently I was almost affected, but I dont update arch frequently enough, that my alvr package was not updated during the window.
It's also a good thing that Arch Linux has people hawking it, so if these things happen they get caught on insanely quickly. I wonder if there's sane ways to protect your dotfiles from rogue processes just touching them.
I normally exclude all AUR packages from system updates to speed things up, so I shouldn't be affected either.
I usually use "yay" for all my stuff, so I might have to consider telling yay to only update system files, apparently one way to decrease this type of attack is to get a hardware key for your SSH files, might finally have a reason to get a yubikey or similar.