Girtablulu I think you meant to say "It certainly did not come via our software update."
Nothing in the eopkg history indicates foul play. So unless @dschinn1001 actual has proof of this, I have to either assume that their machine is compromised in ways outside of our actions or that they mistook something else for a malware attack.