What the hell, this shows how unsafe we are no matter what we do. The article doesn't mention online wallets as you said (but I'm guessing you're referring in general for terms of safety), and also claims that a similar attach was carried out in 2021, affecting Ledger users. I don't know for sure which one is the best way to store your coins, but I'm starting to believe that isolating a wallet on a separate computer with no internet access sounds best to me. Imagine downloading your printer's drivers and you find yourself with an empty wallet.

I searched the company and it doesn't look sketchy, as it's stated on the article, they outsource their software to third companies, perhaps a malicious employee planted this malware, which shows how vulnerable we can become just through the smaller link in a chain (just how Coinbase got its data leaked).