The CRON#TRAP malware campaign, discovered by Securonix researchers, targets Windows systems through phishing emails disguised as surveys from OneAmerica. The attack involves a 285MB ZIP file containing a Windows shortcut and a custom QEMU virtual machine (VM). When executed, this VM installs a backdoor for remote access, allowing cybercriminals to maintain a stealthy presence on compromised machines. The use of a Linux VM helps the malware evade traditional antivirus defenses, making it a sophisticated and stealthy threat.