http://qs321.pair.com?node_id=1230032


in reply to New to perl - Check authenticity of cpan mods installed/used

However, how do I check or validate the authenticity of the libraries/modules (not sure what is the true name) installed from cpan?
See Module::Signature for an optional way for module authors to sign their distributions. If the module is not signed, you can still trust its contents as long as you download the archive from an HTTPS mirror - as long as you trust HTTPS public key infrastructure.
I am worried, because I heard that some libraries on Github had some bitCoin mining software compiled into the library.

For scenarios like this, validating that the package is intact would not help, because that attack was conducted by a person with entirely legitimate uploader rights. If you want to protect yourself from malicious module owners, you have to conduct audits of third-party modules you depend on.

Implementing security audits across a whole repository is not an easy thing to do, since it is a lot of work to do (orders of magnitude more than any package repository is currently doing), it puts hurdles between would-be uploaders and their ability to publish their packages ("What do you mean, I have to wait a few days before my Widget::Frobnicator can be made public? What do you mean, rejected sub blorgle {} is impossible to follow because of goto-based logic coupled with cryptic variable names? Forget it, I'm uploading it on GitHub"), and it doesn't actually solve the problem: you would still have to trust a lot of reviewers instead of trusting a lot of package uploaders.

The R language tries to hold a middle ground by having a policy of always paying more attention to uploads by new maintainers and cases where the maintainer's e-mail address changes, and never accepting binaries (the Copay attack had been conducted by placing malicious code in the minified script - the equivalent of compiled code in the JavaScript world). PAUSE also has complex rules for packages changing owners, but it always boils down to verifying the packages you depend upon yourself.
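As an added example (not code from the thread or from PAUSE), here is the integrity check the reply contrasts with auditing: comparing a downloaded distribution with the author directory's CHECKSUMS file, which is what CPAN clients do. The distribution name and the CHECKSUMS fragment are constructed; since CHECKSUMS is itself Perl source, the fields are pulled out with a regex instead of eval()ing untrusted download content.

```perl
#!/usr/bin/perl
# Verify a CPAN distribution archive against the CHECKSUMS file from the
# same author directory. Hypothetical helper written for this example.
# This proves only that the archive is the one the uploader published,
# not that the uploader is trustworthy.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Return { sha256 => ..., size => ... } for $dist_file, or undef when the
# CHECKSUMS text has no complete entry for it.
sub checksums_entry {
    my ($checksums_text, $dist_file) = @_;
    my ($block) = $checksums_text =~ /'\Q$dist_file\E'\s*=>\s*\{([^}]*)\}/s
        or return;
    # 'sha256' must be followed by a quote so 'sha256-ungz' is not matched.
    my ($sha)  = $block =~ /'sha256'\s*=>\s*'([0-9a-f]{64})'/;
    my ($size) = $block =~ /'size'\s*=>\s*(\d+)/;
    return unless defined $sha && defined $size;
    return { sha256 => $sha, size => $size };
}

# Compare raw archive bytes with the CHECKSUMS entry. Returns one of
# 'ok', 'missing', 'size-mismatch' or 'sha256-mismatch'.
sub verify_dist {
    my ($checksums_text, $dist_file, $archive_bytes) = @_;
    my $entry = checksums_entry($checksums_text, $dist_file)
        or return 'missing';
    return 'size-mismatch'   if length($archive_bytes) != $entry->{size};
    return 'sha256-mismatch' if sha256_hex($archive_bytes) ne $entry->{sha256};
    return 'ok';
}

# Constructed sample: a CHECKSUMS fragment in the real file's layout and a
# three-byte "archive" whose contents are the string "abc".
my $checksums = <<'END_CHECKSUMS';
$cksum = {
  'Widget-Frobnicator-1.00.tar.gz' => {
    'md5' => '900150983cd24fb0d6963f7d28e17f72',
    'mtime' => '2019-02-15',
    'sha256' => 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
    'size' => 3
  },
};
END_CHECKSUMS

my $dist = 'Widget-Frobnicator-1.00.tar.gz';
print "pristine: ", verify_dist($checksums, $dist, 'abc'), "\n";
print "tampered: ", verify_dist($checksums, $dist, 'abd'), "\n";
print "unlisted: ", verify_dist($checksums, 'Other-1.00.tar.gz', 'abc'), "\n";
```

For a real download, slurp the tarball with binmode and pass its bytes to verify_dist; the signature check the reply mentions is a separate step done with Module::Signature's verify() inside the unpacked distribution.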