Sep 32025 Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.