ThreatLabz identified a supply chain attack where the threat actor SmartApeSG compromised the widely used Okendo Reviews widget to inject malicious JavaScript. The loader employs environment checks, XOR deobfuscation, and staged execution to deliver ClickFix-style social engineering lures, ultimately aiming to deploy RATs and information stealers on desktop endpoints.