Right the writeup doesn't mention when it started and what versions are affected

Download the latest version and install that, instead of using the auto update feature of an old version that might not properly check signatures.

As for whether anything else has been compromised, it depends on whether you were targeted. And the payload might have been tailored to each target, so there's no way to know unless you have access to the exact binary. Unfortunately, binaries downloaded through the auto update feature tend not to linger in your Downloads folder.

Disable auto-updates, just like you should with every piece of software on your machine. This was the result of letting other people silently replace your programs. Don't allow that.