A Windows remote-access trojan tied to a MaaS model is being linked to Telegram Bot API tasking and a move away from .NET toward native C++ code.