I don't know enough about the code or project to offer support or condemnation but malware bytes is awful. Had previous experience of them blocking a website and when we finally got a response they just refused to even look at it or fix the false possitive.
Again I don't know if that's the case here or not. Perhaps someone with technical knowledge and a stake in this project could reverse engineer the code and check outgoing connections to see if there is a problem or not.
Why even make a comment if you have no fucken idea what you are talking about?
They have posted it themselves on their website that the wallets are infected you idiot.
They never said they were infected just that the checksum did not match and should be seen as compromised.
Since there have been 0 reports of stolen funds we can only come up with a few scenarios
1. The files were harmless and were not compromised (Maybe slight corruption on upload)
2. No one downloaded the file during that time (bearing in mins it was only the windows version and pretty much all companies use the linux version or build from source)
3. If it was compromised and a users key was stolen then no action has yet taken place (unlikely since it's been warned the hacker would want a quick exit while it possible)