If you have concrete evidence that this plugin contains malicious code, please send all of the relevant details to plugins [at] wordpress.org.
If you do not have any evidence other than you found that your site contained malware shortly after updating the plugin, then it is not valid to automatically assume that it was the plugin. It is far more likely that you site was hacked and the plugin’s files were amongst those changed by the hackers.
I’m not using it and my website has not been hacked.
The hosting company let his customers know what the problem is with this plugin and recommends not to use it.
Relevant details that I and customers received about the plugin have been sent as you requested.
regards,
