Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script. The script downloads and executes a GHOSTPULSE payload, which is now a single executable file containing the encrypted configuration within its resources section.
Source: GBHackers