EquationDrug Rootkit is commonly installed by what method?

The infection method focuses on social engineering to get the payload onto the system. EquationDrug rootkit has been associated with delivery through deceptive channels that users interact with, such as malicious email attachments or malvertising (ads that host exploit code). When a user opens a weaponized attachment or clicks a compromised ad, an exploit runs and drops the rootkit, often enabling stealthy persistence. This makes phishing-like delivery the most common and effective path for this malware family. USB drive installation and physical mail-in software require physical access and distribution steps that are not the primary vectors observed for EquationDrug. Social media downloads can occur, but the established pattern for this rootkit emphasizes malicious emails and advertisements as the main delivery method.