KONNI Adopts AI to Generate PowerShell Backdoors
ID: 5ccc82df-ebfe-5691-b85b-f73566854049
STIX ID: report--5ccc82df-ebfe-5691-b85b-f73566854049
Feed Name: Check Point Research
Check Point Research documents a KONNI-linked multi-stage phishing campaign targeting blockchain developers across APAC. The campaign delivers weaponized LNK files and an AI-generated, heavily obfuscated PowerShell backdoor. The malware includes sandbox evasion, UAC bypass, scheduled-task persistence, C2 token emulation, and optional RMM deployment. The report provides extensive IOCs (file hashes, domains, and IPs).
