Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korean group ScarCruft (APT37) uses spear-phishing emails impersonating Microsoft Account security alerts to deliver NarwhalRAT malware. The email warns of OTP abuse and urges password changes. The malicious LNK file triggers a multi-stage infection chain. The Python-based malware logs keystrokes, captures screenshots, records audio, and exfiltrates data.