Surely bad idea to patch the old binary! SHA and MD5 checksums are out for a while and anyone can simply check if he has genuine exe without a trojan. I never trusted even in the original TC, but it must have been big pain in someone's arse to take it down, so now I trust it much more. Too late to patch it.
New product has to arise and gain the trust of users, which will take time. You need to read in papers, that criminal has been using whatevercrypt and police was unable to gather evidence But governments are good in serving fake news, so it will take long time I think.