The trick, I think, is not to focus exclusively on the trademark use in the download, since as Jon points out, they could just be distributing the exact same version of the product, but with the malware in the form of "installer" in front.
Instead, look at the trademark use that is involved in their paid ad placement on Google, or Bing, or spam in Facebook, Google+ and Twitter. Without this, they have no easy way to lure users to their site. That trademark use is less innocent.
These entry points are easier to deal with, since, for example, Google will remove certain kinds of ads based on complaints from trademark owners. Bing has similar options. I suspect Twitter, Facebook, etc., do as well.
So having ownership of a trademark has value even if you never are in court, since ownership permits you to make these kinds of complaints. Malware sitting off on the web someplace is far less of a concern if it is not the first hit when you search for a popular open source package.