A phishing campaign dubbed FLUX#CONSOLE targets Pakistan, using tax-themed lures to deliver a stealthy backdoor. The threat actors abuse Microsoft Management Console (MSC) files disguised as PDFs with a double extension (e.g., .pdf.msc) to execute obfuscated JavaScript, load malicious DLL payloads, and establish persistence through scheduled tasks. The lures mimic documents from Pakistan’s Federal Board of Revenue (FBR) to appear legitimate.
Once activated, the malware communicates with a remote server, executing commands for data exfiltration. Researchers disrupted the attack within 24 hours but noted its sophisticated use of obfuscation and stealth. While similarities to the Patchwork threat actor were observed, attribution remains uncertain. The campaign highlights evolving malware techniques leveraging legitimate administrative tools like MSC files for malicious purposes.
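A defender-side check for the lure described above, as an added example that is not taken from the researchers' report: it flags attachments whose name ends in a document extension followed by .msc, and compares the claimed type against the content (PDF magic bytes versus the MMC_ConsoleFile XML root of a saved console). The decoy-extension list, the function names and the sample attachments are assumptions constructed for illustration.

```python
import re

# Document-style extensions used as decoys before the real one (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Saved MMC consoles are XML documents whose root element is MMC_ConsoleFile.
MSC_ROOT = re.compile(rb"<MMC_ConsoleFile[\s>]")


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring a BOM and whitespace."""
    head = data[:4096].lstrip(b"\xef\xbb\xbf\r\n\t ")
    if head.startswith(b"%PDF-"):
        return "pdf"
    if MSC_ROOT.search(head):
        return "msc"
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    # Windows drops trailing dots and spaces, so "x.pdf.msc. " still opens as .msc.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    final_ext = parts[-1] if len(parts) > 1 else ""
    inner_ext = parts[-2].strip() if len(parts) > 2 else ""
    kind = sniff(data)

    if final_ext == "msc" and inner_ext in DECOY_EXTS:
        findings.append(f"double extension: .{inner_ext}.msc")
    if final_ext == "msc" or kind == "msc":
        findings.append("MMC console file delivered as attachment")
    if kind == "msc" and final_ext != "msc":
        findings.append(f"MMC console content under .{final_ext or 'no'} extension")
    if final_ext == "pdf" and kind != "pdf":
        findings.append("named .pdf but content is not a PDF")
    return findings


# Constructed samples: (attachment name, first bytes of content).
SAMPLES = [
    ("Tax Notice.pdf.msc", b'<?xml version="1.0"?>\n<MMC_ConsoleFile ConsoleVersion="3.0">'),
    ("Tax Notice.pdf", b"%PDF-1.7\n..."),
    ("notice.pdf", b'\xef\xbb\xbf<?xml version="1.0"?><MMC_ConsoleFile>'),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(fname, "->", triage(fname, blob) or "clean")
```

Because Windows hides known file extensions by default, a recipient sees only the .pdf part of such a name, which is why the check keys on the final extension and the content rather than on what the name appears to be.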