The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself.