ScarCruft uses fake Microsoft security alerts to distribute NarwhalRAT, Python-based malware that operates in memory and communicates with command-and-control servers via compromised websites and pCloud APIs.
China is deploying coordinated spear-phishing with Azureveil malware against targets in Czechia and Taiwan to systematically exfiltrate data from high-value organizations.