Find notable cyber news and cases, enriched with sources, timelines, and signals.

FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The FAUX#ELEVATE phishing campaign is actively targeting French-speaking corporate environments with fake resume/CV lures that deliver malware for credential theft, data exfiltration, and Monero mining. The operation matters because it combines social engineering with multi-stage payload delivery and rapid post-execution abuse of compromised hosts.

Related Happenings

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

Google DoubleClick malspam campaign delivering DesckVB RAT

Campaign
H score33 First: 03.06.2026 19:29 Last: 03.06.2026 19:29 Sources 1

About this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
H score16 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
H score38 First: 08.05.2026 14:00 Last: 08.05.2026 14:00 Sources 1

About this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...

TCLBanker self-spreading banking trojan

Malware Activity
H score31 First: 08.05.2026 01:06 Last: 08.05.2026 01:06 Sources 1

About this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...

Timeline

  1. 24.03.2026 18:35 2 articles · 3mo ago

    FAUX#ELEVATE phishing campaign targets French-speaking corporate environments

    Initial Disclosure

    FAUX#ELEVATE is an ongoing phishing campaign against French-speaking corporate environments that uses fake resume/CV documents and highly obfuscated VBScript files to deliver a multi-stage payload chain. The operation stages content through Dropbox, retrieves command-and-control configuration from compromised Moroccan WordPress sites, and exfiltrates stolen browser credentials and desktop files through mail[.]ru SMTP infrastructure. The malware chain combines credential theft, data exfiltration, and Monero mining, and it selectively targets domain-joined enterprise machines while avoiding standalone home systems.

    Show sources