A sophisticated malware-as-a-service offering known as Phantom Stealer is actively targeting banks and high-value organizations through specialized phishing campaigns. According to researchers at Fortra, the credential and session-stealing malware executes entirely in memory to bypass traditional signature-based security tools. It employs advanced evasion tactics, including heavily obfuscated batch files, PowerShell commands, and disguised API calls to inject itself into the legitimate Windows Explorer process.

Relevant URL: https://www.darkreading.com/cyberattacks-data-breaches/fileless-phantom-stealer-targets-browser-credentials