This was a UI popup that got injected into the middleware provided by Ledger that is used to make it easy for apps to prompt Ledger users for a signature. The keys aren't compromised by this attack, this is more similar to a phishing attack, but via supply chain to increase fake legitimacy.