Added functionality in OtterCookie, the malware used by WaterPlum

2025-05-08 NTT Security cyber threat report on Contagious Interview, OtterCookie, WaterPlum

https://jp.security.ntt/tech_blog/waterplum-ottercookie


WaterPlum, also tracked as Famous Chollima and PurpleBravo, is described as a North Korea-linked actor that targets financial institutions, cryptocurrency businesses, and FinTech companies worldwide. The Japanese-language analysis traces OtterCookie from a v1 that only grabbed files to later versions that also run on Windows, collect documents, images, and cryptocurrency wallet data, and, on non-Windows hosts, execute a hardcoded set of commands rather than operator-supplied ones. Newer modules add virtual-machine detection, clipboard theft via the standard macOS and Windows commands, and credential theft from Chrome, Brave, MetaMask-related files, and macOS credential stores. The analysis notes that Chrome Login Data is handled in two different ways, once decrypted and once left encrypted, and takes this inconsistency as a sign that the modules were developed separately. Infrastructure listed in the report includes alchemy-api-v3[.]cloud, chainlink-api-v3[.]cloud, and moralis-api-v3[.]cloud, names that mimic legitimate blockchain API providers.

Indicators of Compromise

Type     Value              First Seen   Last Seen
IPv4     188.116.26.84      2025-05-08   2026-02-19
IPv4     135.181.123.177    2025-04-11   2025-10-16
DOMAIN   modilus.io         2025-05-08   2025-05-08
IPv4     65.108.122.31      2025-05-08   2025-05-08
IPv4     95.216.227.188     2025-05-08   2025-05-08
IPv4     65.21.23.63        2025-05-08   2025-05-08
IPv4     194.164.234.151    2025-05-08   2025-05-08
IPv4     116.202.208.125    2025-05-08   2025-05-08
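The indicators above, together with the three defanged domains from the summary, are only useful once they are matched against traffic. The script below is an added example written for this page, not code from the NTT Security report or from OtterCookie itself: it refangs the indicators, then scans proxy/DNS log lines for the listed IPv4 addresses and for the listed domains or any of their subdomains. The log lines are constructed, and their format is an assumption; the indicator values are exactly those printed on this page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Indicators copied from this page's IoC table and summary paragraph.
# Domains are kept defanged as printed and refanged at load time.
PAGE_IOCS = """
IPv4 188.116.26.84
IPv4 135.181.123.177
DOMAIN modilus.io
IPv4 65.108.122.31
IPv4 95.216.227.188
IPv4 65.21.23.63
IPv4 194.164.234.151
IPv4 116.202.208.125
DOMAIN alchemy-api-v3[.]cloud
DOMAIN chainlink-api-v3[.]cloud
DOMAIN moralis-api-v3[.]cloud
"""

# Constructed sample log lines (assumed format; not from the report).
SAMPLE_LOG = [
    "2025-05-08T10:12:01Z dns query=api.modilus.io type=A client=10.0.4.21",
    "2025-05-08T10:12:02Z proxy CONNECT 188.116.26.84:443 user=jdoe",
    "2025-05-08T10:13:45Z proxy GET https://www.example.com/ 200",
    "2025-05-08T10:14:10Z dns query=notmodilus.io type=A client=10.0.4.21",
    "2025-05-08T10:15:00Z proxy POST https://moralis-api-v3.cloud/api 200 user=jdoe",
]


def refang(value: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into matchable form."""
    return value.replace("[.]", ".").replace("hxxp", "http").lower().rstrip(".")


def load_iocs(text: str) -> Tuple[Set[ipaddress.IPv4Address], Set[str]]:
    """Parse 'TYPE VALUE' lines into a set of IP objects and a set of domains."""
    ips, domains = set(), set()
    for line in text.strip().splitlines():
        kind, value = line.split(None, 1)
        value = refang(value.strip())
        if kind == "IPv4":
            ips.add(ipaddress.ip_address(value))
        elif kind == "DOMAIN":
            domains.add(value)
    return ips, domains


def domain_matches(host: str, domains: Set[str]) -> Optional[str]:
    """Return the indicator if host is it or a subdomain of it; never match
    'notmodilus.io' against 'modilus.io' (suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames: dotted labels ending in an alphabetic TLD, so raw IPs do not match here.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class Hit:
    line_no: int
    indicator: str
    line: str


def scan(lines: List[str], ips: Set[ipaddress.IPv4Address], domains: Set[str]) -> List[Hit]:
    """Scan each line for listed IPs and domains; one Hit per indicator per line."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        seen: Set[str] = set()
        for ip in IP_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. an octet above 255
                continue
            if addr in ips and str(addr) not in seen:
                seen.add(str(addr))
                hits.append(Hit(n, str(addr), line))
        for host in HOST_RE.findall(line):
            m = domain_matches(host, domains)
            if m and m not in seen:
                seen.add(m)
                hits.append(Hit(n, m, line))
    return hits


def scan_sample() -> List[Hit]:
    ips, domains = load_iocs(PAGE_IOCS)
    return scan(SAMPLE_LOG, ips, domains)


if __name__ == "__main__":
    for h in scan_sample():
        print(f"line {h.line_no}: {h.indicator} <- {h.line}")
```

Subdomain matching matters here because a C2 host such as api.modilus.io would otherwise slip past an exact-match lookup, while the label-boundary check keeps a look-alike such as notmodilus.io from being flagged. Note that the listed IPs sit in hosting-provider ranges, so any hit on an address should be confirmed against the first-seen/last-seen window above before being treated as a confirmed OtterCookie contact.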
