The infection vector of NullMixer is based on a ‘User Execution’ malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive with a malicious file that is extracted and executed manually.