ScarCruft, a North Korean threat group, has been attempting to deliver the RokRAT malware since July 2022 using oversized LNK files. The malware is capable of targeting macOS (CloudMensis) and Android (RambleOn). The malware variants are equipped to carry out a range of activities such as credential theft, data exfiltration, command and shellcode execution, file and directory management, and more.