Intel Drops #3
ID: d8b36185-ae05-5c70-98ee-3e4f7d22c32b
STIX ID: report--d8b36185-ae05-5c70-98ee-3e4f7d22c32b
Feed Name: IntelInsights (Substack)
Threat actors are impersonating a Mexican government SUA site to deliver a malicious JavaScript file via drive-by download. Once executed, the script runs stealthily: it modifies the registry and launches a headless browser, steals Chrome and Edge session cookies, and beacons to a C2 at `extensioninstaller.onrender.com` to confirm the infection and receive a host ID. Related activity is linked to `instalasua.com`, which is reported as an IoC.
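The chain summarised above can be triaged against endpoint telemetry with a small scanner. The following is an added example, not code from the IntelInsights post: the two domains are the IoCs the post names, while the headless-launch and cookie-store heuristics, the telemetry field names, and the sample events are assumptions constructed for illustration. The post does not name the registry keys the script touches, so no registry rule is included.

```python
"""Triage helper for the SUA-impersonation drive-by summarised above.

Added example, not part of the IntelInsights post. It matches constructed
endpoint telemetry against the two domains the post names as IoCs and
against behavioural heuristics (headless browser launch, access to the
Chrome/Edge cookie store) that are assumptions drawn from the summary,
not signatures published by the feed.
"""
import re
from dataclasses import dataclass

# Network indicators named in the post.
IOC_DOMAINS = {"extensioninstaller.onrender.com", "instalasua.com"}

# Heuristics (assumed): Chromium browsers accept --headless; the session
# cookie store lives under <User Data>\<profile>\Network\Cookies in current
# Chrome and Edge builds (older builds keep it one directory up, so both
# layouts are matched).
HEADLESS_RE = re.compile(r"(?i)(?:^|\s)--headless(?:=\w+)?(?:\s|$)")
COOKIE_DB_RE = re.compile(
    r"(?i)\\(?:Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(?:Network\\)?Cookies$"
)


@dataclass
class Finding:
    host: str
    rule: str
    detail: str


def _domain_of(url_or_host: str) -> str:
    """Return the bare host from a URL or hostname, lower-cased."""
    host = re.sub(r"^[a-z]+://", "", url_or_host.strip(), flags=re.I)
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.lower()


def scan_events(events):
    """Return a list of Findings for events matching the IoCs or heuristics.

    Each event is a dict with 'host' and 'type' (assumed schema):
      dns  -> 'query'
      http -> 'url'
      proc -> 'parent', 'cmdline'
      file -> 'image', 'path'
    """
    findings = []
    for ev in events:
        host = ev.get("host", "?")
        kind = ev.get("type")
        if kind in ("dns", "http"):
            target = _domain_of(ev.get("query") or ev.get("url") or "")
            if target in IOC_DOMAINS or any(target.endswith("." + d) for d in IOC_DOMAINS):
                findings.append(Finding(host, "ioc_domain", target))
        elif kind == "proc":
            cmd = ev.get("cmdline", "")
            if HEADLESS_RE.search(cmd) and re.search(r"(?i)(chrome|msedge)\.exe", cmd):
                # A headless browser spawned by a script host is the post's
                # stealth-execution tell; record the parent so an analyst can
                # separate it from legitimate automation.
                findings.append(Finding(host, "headless_browser", f"{ev.get('parent', '?')} -> {cmd}"))
        elif kind == "file":
            path = ev.get("path", "")
            image = ev.get("image", "").lower()
            # The browser itself reads its own cookie store constantly; only
            # flag other processes touching it.
            if COOKIE_DB_RE.search(path) and not image.endswith(("chrome.exe", "msedge.exe")):
                findings.append(Finding(host, "cookie_db_access", f"{image} read {path}"))
    return findings


# Constructed sample telemetry (not real logs from the campaign).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "dns", "query": "instalasua.com"},
    {"host": "WS-01", "type": "http", "url": "https://extensioninstaller.onrender.com/confirm?id=1234"},
    {"host": "WS-01", "type": "proc", "parent": "wscript.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --disable-gpu'},
    {"host": "WS-01", "type": "file", "image": "wscript.exe",
     "path": r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"host": "WS-02", "type": "dns", "query": "www.example.com"},
    {"host": "WS-02", "type": "file", "image": "chrome.exe",
     "path": r"C:\Users\luis\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.host}\t{f.rule}\t{f.detail}")
```

Run against the constructed events, WS-01 produces four findings (two IoC domain hits, the headless Chrome launch from `wscript.exe`, and the non-browser read of the cookie store) and WS-02 produces none, since Chrome reading its own cookie database is expected behaviour.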
