Lazarus APT unveils fileless remote access Trojan designed to evade detection
ID: f240ab7c-a050-5554-8208-5c9b8f8b5c59
STIX ID: report--f240ab7c-a050-5554-8208-5c9b8f8b5c59
Feed Name: Security Affairs
North Korea-linked Lazarus developed and deployed a three-stage toolchain (DPAPILoader -> RemotePELoader -> RemotePE) that relies on DPAPI-bound encrypted blobs and fully in-memory execution to evade detection and hinder forensic recovery; researchers found active C2 servers, live samples, and operator-controlled payload delivery consistent with targeted, long-term observation and sophisticated, financially motivated operations.
