Distribution

Threat actors are actively leveraging Microsoft's ClickOnce technology, a legitimate application deployment mechanism, to distribute and execute malware by exploiting its user-friendly deployment process that bypasses administrative privilege requirements.