What happened to the "Linux is malware-free" claim?
That's a claim only ever made by the inexperienced because they do not realise that any operating system can be infected. It's just a matter of working out how to get in.
Doing it at installation is one way to do it going back to the days when users installed everything from floppy discs.
That's as true of Mint as of openSUSE, of RedHat, of Ubuntu, of Debian, of Windows, of MacOS, of RISC OS, of ANYTHING that attaches to the Internet. The fact that somebody has done it to Mint now is, as somebody already noted, proof that it is becoming popular enough to be noticed by those bastards that insist on doing this.
The only way to never get infected is to switch the machine off but then, of course, the bastards win.