Slight correction: Someone (likely a state actor, or just some very leet larpers) got into the hosting infrastructure that NP++ uses, and compromised the downloaded program. We mostly have the NP++ guy’s word for it, so take it with a grain of salt, but if he does not make things up, that is something that can happen with basically all software, there is not much that he can do against it (except maybe find a better hosting company).
Slight correction: Someone (likely a state actor, or just some very leet larpers) got into the hosting infrastructure that NP++ uses, and compromised the downloaded program. We mostly have the NP++ guy’s word for it, so take it with a grain of salt, but if he does not make things up, that is something that can happen with basically all software, there is not much that he can do against it (except maybe find a better hosting company).