I am not using anything besides Kalroth's cgminer 3.7.3 and my hijacking was only taking place while mining on Waffle. I would expect it to continue even after changing to CleverMining. Also, it doesn't seem likely to me that all the affected users were hit by malware on both various Linux distributions, BAMT and Windows. And I haven't touched my mining rig for the last couple of weeks and it only got hijacked today.
Changing pools seems to "fix" the redirect from my experience. I changed to sf.clevermining.com after I noticed the redirect, and it started working perfectly after that point.