A lure built around a geopolitical theme masked a loader chain that leaned on user execution, writable paths, and trusted Windows components to keep the final payload off disk.
A legitimate Microsoft binary, a sideloaded DLL, and a memory-resident RAT show how attackers can turn normal loader behavior into a stealth delivery path.
A Windows shortcut, a PowerShell downloader, and a ClickFix-style lure can turn a routine search for AI tools into a stealthy intrusion path.
A seven-week campaign tied to Dropping Elephant mixed trusted web services with fast-changing infrastructure, showing how attackers can turn ordinary publishing and chat-link features into malware delivery paths.