Unsuspecting victims of a nasty piece of malware [the Dridex online banking Trojan] have found themselves with a brand new anti-virus install [a clean, signed copy of Avira] instead of having their keystrokes recorded and banking details stolen...
http://www.digitaltrends.com/computing/unknown-hacker-infects-malware-with-anti-virus-program/
http://venturebeat.com/2016/02/05/hacker-hijacks-dridex-botnet-to-serve-free-antivirus/
=====================================
Remark: Taking these reports as accurate, while it might be admirable to see "the bad guys" hacked, it still raises the question as to what will happen to one's existing/preferred anti-virus --- the potential for conflict is certainly there --- and how easy it will be for the user to completely uninstall avira (or their original a/v, should that be their choice) if both somehow get installed. Indeed: “While what they are doing [might be] fundamentally helpful, it is also technically illegal in most countries..."