A recent phishing campaign impersonates Amazon security alerts to deliver a custom remote access trojan (RAT) dubbed HarborWatch Agent. The attack leverages the ClickFix technique, using a fake CAPTCHA page to socially engineer victims into manually executing a malicious PowerShell command via the Windows Run dialog. Once executed, the script downloads the RAT, which collects system information and communicates with a C2 infrastructure managed via a panel called Harbor Sentinel.