Void Dokkaebi has updated its InvisibleFerret malware by compiling the original Python scripts into Cython binaries (.pyd for Windows, .so for macOS) to evade traditional script-based detection. The campaign utilizes a multi-stage BeaverTail JavaScript infection chain to deliver these binaries, targeting software developers to steal cryptocurrency wallet credentials, establish backdoor access, and downgrade browser security controls.