I guess it's harder to notice because only the victim gets the malware based on IP or time or whatever. Typical supply chain attacks leave malware specimens in everyone's hands and leaves the system operator the power to delete it.