A new AsyncRAT malware campaign has been identified, utilizing malicious payloads delivered through TryCloudflare quick tunnels and Python packages. The attack chain begins with a phishing email containing a Dropbox URL, leading to a ZIP file with an internet shortcut. This triggers a series of downloads, ultimately executing AsyncRAT malware via Python scripts. The campaign employs legitimate infrastructure like Dropbox and TryCloudflare to evade detection. It uses a multi-step process involving LNK, JavaScript, and BAT files, culminating in the extraction of malicious Python scripts. The attackers use process injection techniques to inject shellcode into legitimate processes like notepad.exe and explorer.exe. This sophisticated approach highlights the evolving nature of cyber threats and the exploitation of legitimate services for malicious purposes.