Kaspersky cybersecurity experts: The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver, and the malware uses it to escalate privileges.
Cisco Talos cybersecurity experts: The lure is the free availability of an anti-Pegasus spyware tool, called AVPegasus. In reality, the software itself is the malware.
Yoroi cybersecurity experts: The malware (aka TH-264) has improved protection mechanisms and can operate as a silent info stealer or run offensive plugins.
Malwarebytes cybersecurity experts: It has been potentially linked to North Korea's APT37. The malware is distributed via spear phishing with 2 weaponized documents.