A phishing campaign named SeasonalInvite has been active since January 2026, targeting Windows and macOS users by disguising remote monitoring and management (RMM) tools as legitimate eCards. The campaign uses themes that rotate with the calendar, employing 959 identified domains to lure victims. Researchers noted that the malware takes advantage of genuine software by making it appear trusted through signed installers, passing security checks.
The phishing infrastructure is suspected to involve artificial intelligence in generating landing pages and manipulating content. Forescout recommends organizations track RMM tools closely and train staff on the dangers of unsolicited eCard installations.