Cybersecurity researchers have uncovered the PHALT#BLYX campaign targeting European hospitality organizations using fake BSoD errors and phishing lures to deploy DCRat. The attackers employ sophisticated techniques, including living-off-the-land tactics, to evade detection and establish persistent access.
Key points
- The campaign uses fake booking cancellation alerts to lure victims into executing malicious PowerShell commands.
- Attackers deploy DCRat, a versatile remote access trojan capable of data theft and system control.
- Phishing emails include euro currency details and are in Russian, indicating targeting of European entities.
- The malware disables security software and sets up persistent access through Windows startup folder modifications.
- Living-off-the-land techniques exploit trusted binaries like MSBuild.exe to evade detection and deepen compromise.
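A defender-side triage sketch for two behaviours listed above, MSBuild.exe launched by an unexpected parent and files written to a Startup folder. It is an added example, not code from the article or the researchers. The event field names follow Sysmon process-create (Event ID 1) and file-create (Event ID 11) records; the sample events, host names, file name and the parent allowlist are constructed assumptions.

```python
import ntpath

# Matches both the per-user and the all-users Startup folder (compared lowercased).
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: parents that legitimately launch MSBuild.exe in this environment.
EXPECTED_MSBUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}

def classify(event):
    """Return 'rule:detail' for a suspicious event, otherwise None."""
    event_id = event.get("EventID")
    image = ntpath.basename(event.get("Image", "")).lower()
    if event_id == 1 and image == "msbuild.exe":
        parent = ntpath.basename(event.get("ParentImage", "")).lower()
        if parent not in EXPECTED_MSBUILD_PARENTS:
            return f"msbuild_unusual_parent:{parent}"
    if event_id == 11:
        target = event.get("TargetFilename", "").lower()
        if STARTUP_MARKER in target:
            return f"startup_folder_write:{ntpath.basename(target)}"
    return None

def triage(events):
    """Group findings per host; escalate hosts that show both behaviours."""
    per_host = {}
    for ev in events:
        finding = classify(ev)
        if finding:
            per_host.setdefault(ev.get("Computer", "unknown"), []).append(finding)
    return {
        host: {"findings": found,
               "escalate": len({f.split(":")[0] for f in found}) == 2}
        for host, found in per_host.items()
    }

# Constructed sample events (not taken from the campaign).
NET_MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "FRONTDESK-01", "Image": NET_MSBUILD,
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 11, "Computer": "FRONTDESK-01", "Image": NET_MSBUILD,
     "TargetFilename": r"C:\Users\clerk\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\example.url"},
    {"EventID": 1, "Computer": "BUILD-02", "Image": NET_MSBUILD,
     "ParentImage": r"C:\Program Files\VS\Common7\IDE\devenv.exe"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

On front-desk or back-office hosts with no build tooling, the allowlist can be emptied so that any MSBuild.exe execution is reviewed.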
Read More: https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html