Supply side attack on a very popular malware recovery tool. This particular attack is especially scary because the download server was compromised destroying the trust relationship between the user and official software sources. Checked the MD5 hash? too bad you’re still boned..
But as the article says. It is now and will always be more secure to keep your software up to date.