It's not just "something in the water" in the Ukraine ................. https://threatpost.com/attackers-backdoor-another-software-update-mechanism/127452/
Seems to be a sophisticated attack. Like I said, even trusted tools should be monitored for suspicious behavior.