Ande Loader Leads to 0bj3ctivity Stealer Infection
Essential information
- Published: 12/08/2024 11:26
- Modified: 12/08/2024 11:42
- Tags: 0bj3ctivity stealer, 2024-08-12, ande loader, infection, loader, malware, obfuscation, phishing, stealer
- Related entities: 2 observables, 20 techniques (MITRE), 2 malware
Description
In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional payloads, and performed process injection. The 0bj3ctivity Stealer exfiltrated data from various browsers and messengers to Telegram, servers, or SMTP, including credentials, credit card information, and system details. The attack utilized obfuscation, anti-analysis techniques, and a multi-stage delivery mechanism to evade detection.