Cybersecurity researchers have identified a new phishing campaign, dubbed PHANTOM#SPIKE, targeting individuals in Pakistan. The campaign uses military-themed phishing documents that carry ZIP files with password-protected payloads. When a user opens these files, they unwittingly activate a Microsoft Compiled HTML Help (CHM) file (“RuntimeIndexer.exe”), which serves as a covert backdoor granting remote access to the compromised system.
The attackers behind PHANTOM#SPIKE rely on simple payloads to establish connections with remote servers and execute commands on infected machines via cmd.exe. The backdoor enables data exfiltration and the execution of additional malicious payloads, giving the operators persistent access to sensitive information. The campaign stands out for how simple its tooling is, yet it still poses a significant risk because of its stealthy infiltration and remote-control capability.
Researchers emphasize the threat posed by PHANTOM#SPIKE, underscoring its ability to execute commands remotely and relay sensitive data back to command-and-control servers. The phishing emails lure victims with purported meeting minutes related to a legitimate military forum, exploiting user curiosity to initiate the infection chain. This tactic highlights the ongoing challenge of defending against socially engineered attacks that exploit human vulnerabilities to breach organizational defenses and compromise sensitive data.
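As an added illustration (not part of the original report), the execution chain summarised above can be turned into a small process-creation detection that flags the CHM handler spawning executables, the reported backdoor name, and cmd.exe launched by that backdoor. The event format, the sample events and the use of hh.exe as the Windows CHM handler are assumptions made here for the example, not details taken from the report.

```python
"""Detection sketch for the PHANTOM#SPIKE execution chain
(CHM file -> RuntimeIndexer.exe -> cmd.exe), written as an added example.
Events are constructed, Sysmon-like (ParentImage, Image, CommandLine) tuples."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CHM_HANDLER = "hh.exe"                  # Windows HTML Help executable (assumption)
KNOWN_BACKDOOR = "runtimeindexer.exe"   # file name quoted in the report


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcEvent) -> Optional[str]:
    """Return a finding label for one event, or None when it looks benign."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent == KNOWN_BACKDOOR and child == "cmd.exe":
        return "backdoor-shell"            # command execution via cmd.exe
    if KNOWN_BACKDOOR in (parent, child):
        return "known-backdoor-name"       # the reported implant file name
    if parent == CHM_HANDLER and child.endswith(".exe") and child != CHM_HANDLER:
        return "chm-spawned-executable"    # help file launching a binary
    return None


def detect(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Run classify() over a batch and return (index, label) for each hit."""
    return [(i, lbl) for i, ev in enumerate(events) if (lbl := classify(ev))]


# Constructed sample telemetry; paths and command lines are made up.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\hh.exe", "hh.exe minutes.chm"),
    ProcEvent(r"C:\Windows\hh.exe", r"C:\Users\u\AppData\Local\Temp\RuntimeIndexer.exe",
              "RuntimeIndexer.exe"),
    ProcEvent(r"C:\Users\u\AppData\Local\Temp\RuntimeIndexer.exe",
              r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ProcEvent(r"C:\Windows\hh.exe", r"C:\Users\u\AppData\Local\Temp\update.exe", "update.exe"),
]

if __name__ == "__main__":
    for idx, label in detect(SAMPLE_EVENTS):
        print(idx, label, SAMPLE_EVENTS[idx].command_line)
```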