The malware was being delivered via archive files and MS Office documents by abusing the Follina vulnerability. The malware has been active in the wild for at least a year.