- Threat actors embedded malicious GDScript code within the Godot Engine, a legitimate software.
- Upon execution of the Godot Engine, the GDScript is loaded, which then downloads and executes a malicious payload.
- This technique has been successful in remaining undetected by most antivirus tools.