This is yet another advanced and scary ''supply chain attack'', which was apparantly also not caught by AV's. To me it's mind boggling that many security tools still do not offer ''behavioral based'' protection against infostealers. I have asked HMPA's developer Ronny to implement this stuff, but he ignored me. Perhaps it's too much work? https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html
