Researchers from Kaspersky recently looked into less-commonly used vectors of infection in malware campaigns. The methods include infection through malicious torrents (CLoader), infections through a fake TOR browser (OnionPoison), and as backdoored and signed benign tool (AdvancedIPSpyware). More info https://securelist.com/uncommon-infection-and-malware-propagation-methods/107640/
