Not just any user, but people in Asia. Seems very targeted.

The issue was they weren’t validating the update pulled down from the hacked update hosting server was legit.

They’ve since switched hosting services and added validation.

“fingers crossed”

Do we know what the hacked version of the app actually did after installed? For example, did it send all opened files back to some server owned by the hackers?