Somebody noticed unusual firewall activity with a cracked version of Malwarebytes Anti-Malware Pro and investigated further, finding that the software had been e-mailing information back to a number of addresses, all of which have account names containing some variation of the MeGaHeRTZ group name.
The information it sent back included the username, computer/drive serial from the Windows API, and the host machines's IP address.
All software they released has since been "nuked", but its all out there now.
Cracked software containing malware is nothing new, but its very rare that the malware is added by the originating group. Typically the malware is added later and spread on P2P networks, file sharing forums or BitTorrent trackers.