Yep. In the author's case it definitely seems they were infected, everything checks out there. I think this commenter however is mistaken when they say they also have the malicious executable discovered by the author. Investigation of my own image (not latest release but within the past few months) shows no evidence of what the author reports
The article author searched netservlet for these strings to detect the infection:
> $ strings /tmp/netservlet.elf | egrep -i 'stratum|pool|wallet|http|crypto|mining|eth|btc|pool'