FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments
Campaign
Summary
Hide ▲
Show ▼
The FAUX#ELEVATE phishing campaign is actively targeting French-speaking corporate environments with fake resume/CV lures that deliver malware for credential theft, data exfiltration, and Monero mining. The operation matters because it combines social engineering with multi-stage payload delivery and rapid post-execution abuse of compromised hosts.
Related Happenings
Hotel and hospitality photo-ZIP phishing campaign
Campaign
H score40
First: 26.06.2026 12:27
Last: 26.06.2026 12:27
Sources 1
About this happening:
An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Hotel and hospitality photo-ZIP phishing campaign
CampaignAbout this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Google DoubleClick malspam campaign delivering DesckVB RAT
Campaign
H score33
First: 03.06.2026 19:29
Last: 03.06.2026 19:29
Sources 1
About this happening:
A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
Google DoubleClick malspam campaign delivering DesckVB RAT
CampaignAbout this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
ModeloRAT malicious PowerShell and Dropbox delivery activity
Malware Activity
H score16
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...
ModeloRAT malicious PowerShell and Dropbox delivery activity
Malware ActivityAbout this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
H score38
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Vidar Stealer ClickFix campaign targeting multiple sectors
CampaignAbout this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
TCLBanker self-spreading banking trojan
Malware Activity
H score31
First: 08.05.2026 01:06
Last: 08.05.2026 01:06
Sources 1
About this happening:
The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
TCLBanker self-spreading banking trojan
Malware ActivityAbout this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
Timeline
-
24.03.2026 18:35 2 articles · 3mo ago
FAUX#ELEVATE phishing campaign targets French-speaking corporate environments
Initial DisclosureFAUX#ELEVATE is an ongoing phishing campaign against French-speaking corporate environments that uses fake resume/CV documents and highly obfuscated VBScript files to deliver a multi-stage payload chain. The operation stages content through Dropbox, retrieves command-and-control configuration from compromised Moroccan WordPress sites, and exfiltrates stolen browser credentials and desktop files through mail[.]ru SMTP infrastructure. The malware chain combines credential theft, data exfiltration, and Monero mining, and it selectively targets domain-joined enterprise machines while avoiding standalone home systems.
Show sources
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner — thehackernews.com — 24.03.2026 18:35
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner — thehackernews.com — 24.03.2026 18:35