The malware is being distributed through LNK files that collect information about antivirus products and execute an HTML application. This leads to the download of two files from a remote server, which establish persistence and launch the Remcos RAT.