A recent phishing campaign [1] [2] [3], known as PHANTOM#SPIKE, has been targeting individuals in Pakistan with a custom backdoor [1] [2] [3].


The threat actors behind this campaign have been using military-themed phishing documents related to the International Military-Technical Forum Army 2024 to infect victims. They send email messages containing a ZIP archive with a CHM file and an executable named “RuntimeIndexer.exe.” When recipients open the CHM file, they see what appears to be meeting minutes from the forum, while the executable establishes a backdoor connection with a remote server [1]. This backdoor functions as a RAT [1] [2], allowing the attacker to control the compromised system [1] [2], steal data, and deploy additional malware [1].


This phishing campaign poses a serious threat to individuals in Pakistan, as it can result in unauthorized access to sensitive information and the deployment of further malicious software. To mitigate the risk, individuals should be cautious when opening email attachments and ensure their systems are protected with up-to-date security measures. Additionally, organizations should educate their employees about the dangers of phishing attacks and implement robust cybersecurity protocols to prevent such incidents in the future.


[1] https://thehackernews.com/2024/06/military-themed-emails-used-to-spread.html
[2] https://secoperations.wordpress.com/2024/06/22/military-themed-email-scam-spreads-malware-to-infect-pakistani-users/
[3] https://vulners.com/thn/THN:D2DC1DBD92C5EE006A0E379C7318BFB2