Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection

A highly targeted phishing campaign exploits fake Booking.com cancellations and psychological “ClickFix” tactics to trick hospitality sector victims into manually executing a multi-stage, Russian-linked DCRat malware, leveraging trusted tools like MSBuild.exe to stealthily bypass defenses, disable antivirus, and maintain persistent, full remote access.