Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine.
Source: Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica