The latest published 1.18.2 version (BetterModsButton-v3.2.2-1.18.2-Forge.jar) on CurseForge was just detected by my Windows Security as carrying a trojan (Trojan:Script/Wacatac.B!ml). If this isn't a false positive, it is possible your github and/or curseforge credentials have been compromised.

This was indeed a false positive, a lot of mods have been affected from many authors. Still thanks for reporting!