Threat actors used to inject the botnet malware through phishing campaigns and malicious links but have shifted to exploiting a now-patched Netwrix Auditor vulnerability.
Article Link: Truebot RCE attacks exploit critical Netwrix Auditor bug | SC Media