Still missing details on how this qualifies as an APT; this seems nothing more than a basic trojan horse unless Kaspersky is for whatever reason neglecting to talk about whatever persistence mechanisms it has in place beyond the basics (startup entry of some form).
Malware explicitly targeting crypto software is scary regardless, however.
The "persistent" in APT refers to the threat actor, not the tools themselves. So this is an APT because the threat actor has shown persistence by e.g. using multiple SWCs over a period of time and evolving their techniques. The individual tools used by the threat actor may not persist and in fact often don't, as APTs are much more likely to cover their tracks since they have a longer-term vision.
Seems like there could be a use for a distributed service that automatically checks the signature of common downloaded executables, especially in the Microsoft world. It's not enough for vendors to simply put the signature on their website.
This exists; it's not 100% effective because it's generally implemented as a UI flow change where less trusted binaries get scarier "are you sure?" popups and only the most obviously malicious files are blocked.
Edge has Microsoft SmartScreen[1], Chrome has CAMP[2] / Safe Browsing and Firefox has a system that also uses Google's data[3].
Edit: I missed the part where you meant to proactively check against publisher-provided signatures. The above systems do that only via looking at the code's embedded signature and indirectly via "wisdom of the crowds" style reputation.
Since the article mentions nothing about VeraCrypt, I assume VeraCrypt downloads/mirrors for Windows users were unaffected. Does anyone know if this is true?