Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence. "While there are many methods used today to deploy malware, the threat actors made use of ZIP files with a password-protected payload archive contained within," researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a reportreport shared with The Hacker News. The campaign is notable for its lack of sophistication and the use of simple payloads to achieve remote access to target machines. The email messages come bearing a ZIP archive that purports to be meeting minutes related to the International Military-Technical Forum Army 2024, a legitimate event organized by the Ministry of Defense of the Russian Federation. It's set to be held in Moscow in mid-August 2024. Present within the ZIP file is a Microsoft Compiled HTML Help (CHM) file and a hidden executable ("RuntimeIndexer.exe"), the former of which, when opened, displays the meeting minutes as well as a couple of images, but stealthily runs the bundled binary as soon as the user clicks anywhere on the document. The executable is designed to function as a backdoor that establishes connections with a remote server over TCP in order to retrieve commands that are subsequently run on the compromised host. …Read More