Didn't this also happen somewhat recently? How can this be prevented? The window could be reduced by actively monitoring mirrors? Could BitTorrent help mitigate this because the torrent file validates data and isn't under the control of the parties?

This could have been prevented by hosting downloads on a reputable site (GitHub), instead of the developer's own PHP backend.

Software like https://github.com/google/santa can help, especially if you're doing IT in a large enterprise.

The feed used by the software's autoupdate framework (Sparkle) was signed, so that would've prevented bad downloads through autoupdate.