Dear Swiftideas,
We have just found a major issue with the theme update service wp-updates.com. Just last thursday we found out that our server was being hacked through a file called social.png (refer to http://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/2#post-5888807). Social.png contains javascript and runs another javascript file on a (in this case) website called genericstts.com.
We have put more than 80 hours in trying to figure out what the extent of the hack was and decided today that we would reinstall wordpress on another server and rebuild the site completely. In the progress of installing the theme and plugins I was notified about an update of the Dante theme to version 2.64. I looked at your documentation but couldn’t find the change logs, but figured it was ok. I installed version 2.64 and afterwards ran Wordfence. Immediately WordFence gave notice of a malicious file being installed in wp-themes/dante/. This file was: social.png!
I then looked into it with a developer, and we found out that this the update of the theme was actually coming from wp-updates.com, and that this file came along with it.
Can you please contact me through phone or mail, because I seriously think that this is a major issue. social.png is very malicious, it at least alters the WP database and sends all admin and visitor data to some shady server on genericstts.com. My phonenumber is +31619448131.
.