In May 2025, we observed and investigated a targeted malware campaign that utilized native Windows utilities (mshta.exe, powershell.exe), publicly hosted payloads on Cloudflare R2, and layered obfuscation to evade detection. The threat actor delivered an infostealer that attempted to extract saved browser credentials from a Chromium-based profile. This article offers a complete breakdown of how the […]