I think the biggest issue here is that the hackers got access into the development servers of a trusted company, and planted a trojan inside software that was officially signed, therefore trusted by Windows and your AV.
This method could be used against ANY mainstream software vendor, even Microsoft or Cakewalk.
Not much you can do about this type of attack, except maybe not update as frequently, LOL! The burden is on the developers to keep things under better lockdown until release.
It is reassuring to see that Malwarebytes identified this particular trojan, as I run the free, on demand scanner at least once a week!