K7 Labs reported that the North Korean group Kimsuky used obfuscated scripts and multi-stage payloads in a recent cyber campaign to steal browser data, log keystrokes, and evade analysis through VMware virtual-machine checks and encoded malware components.
The Braodo Stealer, a Vietnam-based malware, is infiltrating victims' systems to steal sensitive information such as credentials and banking details, enabling identity theft and financial harm.
SpyMax does not require the targeted device to be rooted, making it easier for threat actors to cause damage. Once installed, SpyMax gathers personal information from the infected device without user consent and sends it to a remote threat actor.
The ransomware, named "grinchv3," copies itself to the startup folder for persistence, encrypts user data using the Fernet symmetric-key encryption scheme, and displays a pop-up message after encryption.
The PowerShell script uses a technique developed by a researcher in 2022, which involves patching the Windows Defender DLL registered for AMSI with shellcode that overwrites the function responsible for scanning PowerShell scripts.