Is this actually a CVE?

The headline at least looks more like lOoK, sSh eXplOiTeRs uSe sSh cLiEnTs tO eXpLoIt sSh CVEs!!1!1elf11

TL;DR: Free Software being repackaged with malware in order to trick people who download from fake websites like Softonic and shit. No PuTTY exploit, no Win exploit, just pure user error.

Edit 2: The big exploit according to the Article is that now the malware dosent need OpenSSH since its integrated into win already by default. But again, any fake game website could have just promted the user to install that, since most users are that dumb and will just do what the website tells them anyway

This article seems to describe one of the things an attacker can do once they already have access to your device - a method for maintaining access that can evade detection. Did I miss the part where this article explains how a machine gets compromised in the first place, or does it just presume your machine is already somehow infected?