The threat actor known as Boolka has been conducting SQL injection attacks to compromise websites and deliver the BMANAGER trojan since 2022. Boolka uses malicious JavaScript to intercept and exfiltrate user data from infected sites. The trojan installs additional modules to harvest files, log keystrokes, and maintain persistence, reflecting an increasingly sophisticated attack strategy. The use of the BeEF framework for malware delivery and the development of their own malware delivery platform indicates significant advancement in Boolka’s tactics over time.