Cybersecurity experts are tracking a new phishing campaign known as FLUX#CONSOLE, which uses tax-themed lures to deploy a stealthy backdoor payload targeting Pakistan.
The campaign notably leverages MSC files to deploy a dual-purpose loader and dropper for additional malicious payloads, showcasing the evolving complexity of these cyberattacks.
Attackers employed double-extension files (like .pdf.msc) disguised as PDFs to execute malicious code that retrieves a decoy file while covertly loading a DLL in the background.
The malicious MSC file not only delivers payloads from embedded code but also executes additional commands by connecting to a remote HTML file to further the attack.
Collection
[
|
...
]