PseudoManuscrypt: a mass-scale spyware attack campaign
2021-12-16 • Kaspersky
https://securelist.com/pseudomanuscrypt-a-mass-scale-spyware-attack-campaign/105286/
Kaspersky ICS CERT describes PseudoManuscrypt, spyware whose loader resembles Lazarus-associated Manuscrypt but whose distribution and scale do not match typical targeted Lazarus operations. The malware was spread through a malware-as-a-service (MaaS) ecosystem that bundled payloads with pirated software installers, including a case involving the Glupteba botnet, and Kaspersky blocked it on more than 35,000 systems across 195 countries in 2021. Victims included industrial and government organizations, with a notable share of detections on industrial control system computers in sectors such as engineering, energy, manufacturing, utilities, and water management. Its main module provides broad espionage capability, including VPN data theft, keylogging, screenshots, screen video, microphone recording, clipboard theft, event-log collection, and near-full control of infected hosts.