The malware was first detected back in 2019 within a compromised Drupal environment. However, over the last few months, it appears to have surged in popularity among attackers. It tends to be uploaded into WordPress environments as a fake plugin.