DNS Poisoning (Adversary-in-the-Middle)
Supply Chain Compromise (trojanized software updates)
DLL Side-loading
Modular Malware Frameworks (MgBot)
Cross-platform targeting (macOS via Macma, Android via KsRemote)
Hybrid Encryption for implant obfuscation
Spearphishing
PowerShell and BITSAdmin for payload retrieval