Suspected Lazarus attack activity targeting dual platforms disclosed

2019-11-04 Qianxin Suspected Lazarus attack activities targeting dual platforms disclosed

https://ti.qianxin.com/blog/articles/suspected-lazarus-disclosure-of-attacks-on-dual-platforms/

QiAnXin’s threat intelligence team found Lazarus-linked attack samples for both Windows and macOS, including a Windows lure built around a psychological test that prompted users to enable macros. The Windows sample released and executed a PowerShell backdoor from the temp directory, hard-coded three C2 servers, collected host information, and supported command-driven file download and execution. A related macOS sample used a fake Flash Player component, extracted and installed a hidden .FlashUpdateCheck payload through a launchctl-loaded plist for persistence, and used backdoor functions broadly consistent with the PowerShell implant. The report attributes the activity to Lazarus based on backdoor and TTP analysis and highlights the group’s continuing ability to conduct multi-platform operations.

Indicators of Compromise

