Attackers compromised a font package installed by a PDF editor application and used it to deploy a cryptocurrency miner on users' computers. Because the PDF editor was installed with SYSTEM privileges, the malicious coinminer code hidden inside the font package received full access to the victims' systems.
Users who installed this PDF editor between January and March 2018 were affected.
This was a counterfeit artifact delivered to developers.