Elastic Security Labs identified a cyberattack targeting a South Asian financial institution using two custom malware strains: BRUSHWORM and BRUSHLOGGER. BRUSHWORM functions as a backdoor and USB worm capable of extensive file theft and air-gap bridging, while BRUSHLOGGER captures system-wide keystrokes via DLL side-loading.