Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems. The campaign, observed in late 2024 and continuing into 2026, leverages a common email lure, with the subject “Your Document”, to trick recipients into opening a malicious LNK attachment. “By combining social engineering, stealthy execution, and Living-off-the-Land (LotL) techniques, the (.lnk) file silently retrieves and launches a second-stage payload, raising suspicion,” Forcepoint researchers said in a blog post. Unlike many modern ransomware operations that rely on external command-and-control (...