livingofftheland (1)

Securonix threat researchers have been tracking a stealthy campaign targeting the hospitality sector that uses ClickFix social engineering, fake CAPTCHAs, and fake blue screens of death to trick users into pasting malicious code. It leverages the trusted MSBuild.exe tool to bypass defenses and deploys a stealthy, Russian-linked DCRat payload for full remote access and the ability to drop secondary payloads.[1]

An ongoing malware campaign tracked as PHALT#BLYX has been identified as a multi-stage