A phishing campaign that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice.

Research this week from FortiGuard Labs details the EvilExtractor attack chain, explaining that it usually starts with a legitimate-seeming Adobe PDF or Dropbox link, which instead deploy a malicious PowerShell when opened or clicked, before eventually leading to the modular EvilExtractor malware.