Dossier
Photo ZIP phishing campaign
Coverage of Photo ZIP phishing campaign in the Nexus archive.
- Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
Microsoft warns of an ongoing phishing campaign targeting hotel and hospitality organizations in Europe and Asia since April 2026. The campaign uses photo-themed ZIP files to deploy a Node.js implant on front-desk machines, with no known attribution to a specific threat actor or clear end goal.