Side Loading through IObit against Colombia
Essential information
- Published: 29/05/2024 11:06
- Modified: 29/05/2024 11:30
- Tags: 2024-05-29 asyncrat dllsideloading phishing processhollowing
- Related entities: 3 observables, 1 intrusion set (APT), 10 techniques (MITRE), 2 malware, 1 other
Description
In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect systems with the AsyncRAT malware. The attack employs a ZIP file containing legitimate IObit antivirus software alongside malicious files, and uses DLL side-loading for execution. While the campaign shares similarities with APT-C-36, its kill chain differs from that group's previous campaigns, suggesting modified tactics. The infection chain involves the legitimate IObit executable loading a malicious DLL, which creates processes for code injection and ultimately deploys AsyncRAT via process hollowing. Persistence mechanisms include a startup link file and a scheduled task.