Everyone should SHA-256 checkcums and PGP signatures against anything they have downloaded since the hack happened, otherwise you may have installed compromised wallets which generate addresses that belong to the attacker. Anything is possible if you are able to successfully make a man-in-the-middle attack giving you access to the servers to upload any malware you want.
I think Bitcoin.org team has restorer the access because I just visit the site and there was no doubling scheme. They should make thier security more tight so such hacks does not happen in future.