Ronnie Wong May 17
...the attacks are the result of router-level man-in-the-middle attacks that exploit insecure connections between end users and servers, along with incomplete code-signing to validate the authenticity of received files before they're executed.