The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed. malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine.
— source arstechnica.com
To avoid this kind of situation all softwares must be Free Software.