More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.
Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.
The credentials could be used to glean a variety of intel on the victims.
In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.
The North Korean-sponsored actors are targeting sensitive and proprietary information, and the malware could disrupt regular operations and disable systems and files.