[mikeash]

I wonder why emulators aren't a common attack vector. They're fairly popular, and downloading ROMs from mysterious shady sites is par for the course with them. If you could subvert a popular ROM site, or even just SEO your way to the top of the Google listings, you could get a lot of people.

[rincebrain]

Probably because they'd just infect the emulator with some payload rather than figure out an exploit vector that depended on the payload being opened in the emulator later.