Unmasking SparkRAT: Detection & macOS Campaign Insights

· Published 31/01/2025 09:53 · Modified 31/01/2025 10:39

Essential information

Tags
2025-01-31 macos xworm
Related entities
1 intrusion sets (apt), 8 techniques (mitre), 3 malware, 2 others

Description

SparkRAT, a versatile malware tool, continues to pose a significant threat due to its modular design and cross-platform support. Recent investigations have uncovered new infrastructure associated with a suspected DPRK campaign targeting users. The analysis reveals techniques for detecting SparkRAT servers in the wild and examines the evolution of the campaign's delivery tactics. Three additional servers were identified, hosting open directories with SparkRAT implants. The research highlights the persistent nature of this threat and the adaptability of the adversaries using it. The discovery of a suspicious APK file linked to a fake Vietnamese gaming platform underscores the diverse tactics employed to target unsuspecting users.

External references