SHADOW#REACTOR fake .ttf phishing campaign targeting Windows systems
Campaign
Updated: 16.07.2026 18:00
· First: 16.07.2026 18:00
· 📰 1 src / 1 articles
· H score: 31
A large-scale phishing campaign is delivering RATs and infostealers to Windows systems by disguising a malicious script as a .ttf font file. The operation has been active since late March 2026 and uses fileless delivery to reduce detection. It combines business-cooperation lures, scheduled-task persistence, and in-memory execution to push payloads including Agent Tesla, Remcos, XWorm, and Best Private LOGGER.