PHOREAL malware, discovered by the Elastic Security Intelligence & Analytics Team, targets financial organizations in Southeast Asia, especially in Vietnam, and is linked to the APT32 threat group, known for its focus on the region since 2014. The malware, also referred to as RIZZO, is a backdoor that facilitates initial victim profiling and subsequent data compromise, and it uses a newly observed evasion technique involving memory loading. This activity is tracked as activity group REF4322. Elastic Security identified the tactic while investigating unique Windows memory protection shellcode alerts, which led to the development of detection signatures and defensive recommendations for affected organizations. Further resources and training are available through Elastic Security's platform for both existing and new users interested in understanding and mitigating this threat.