This isn't necessarily a bug as it could have been injected in several different ways.
All my sites got hacked with myfilestore hack and the files that were compromised were in the armadillosm.tar game, and it was in the media folder, in the tar file, in the import folder and in the temp...