Previous reports blamed the attack on a “hacked APK update,” this new information suggests that the malicious update came from unofficial sources.