The researchers said that recent changes to its Go downloader variant make it clear that the Zebrocy malware set is still under active development, with observed activity continued into late May 2019. The downloader fingerprints and profiles victims with screengrabs and system information collection, to inform second-stage credential-harvesting efforts.