In early February 2025, a phishing campaign targeting Ukrainian entities used invoice and billing-themed emails containing compressed archives with obfuscated JavaScript files. These files deployed PowerShell downloaders to install SmokeLoader, leveraging the Emmenthal loader....