The active FAUX#ELEVATE phishing campaign targets French-speaking enterprise environments by delivering obfuscated VBScript payloads via spear-phishing, bypassing UAC and Windows Defender, abusing the known-vulnerable WinRing0x64.sys kernel driver (CVE-2020-14979), and stealing Chromium-based browser credentials via an ABE bypass before deploying XMRig for Monero mining. Exposure spans Chromium-based browsers, Mozilla Firefox, Microsoft Defender, Windows UAC, and the WinRing0x64.sys driver, with exfiltration via mail.ru SMTP and C2 through compromised WordPress infrastructure. Add WinRing0x64.sys to WDAC driver block lists immediately, block outbound SMTP to mail.ru from non-mail-server endpoints, hunt for VBScript execution from mail client or browser download contexts on domain-joined machines, and treat any affected Chromium credential stores as compromised.
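The hunting guidance above can be expressed as a triage pass over endpoint telemetry. The sketch below is an added example, not part of the original brief; it assumes events exported as dicts with Sysmon field names (Event ID 1 process create, 3 network connection, 6 driver load), and the parent-process list, drop-path pattern, host names and mail-server allowlist are illustrative assumptions.

```python
import ntpath
import re

# Assumed lists for illustration; tune them to the environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
MAIL_OR_BROWSER = {"outlook.exe", "thunderbird.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
DROP_PATHS = re.compile(r"\\(downloads|content\.outlook|inetcache)\\", re.I)
SMTP_PORTS = {25, 465, 587}
MAIL_SERVERS = {"MX01"}  # hypothetical allowlist of legitimate mail relays

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def classify(ev):
    """Return a finding label for one Sysmon-style event dict, or None."""
    eid = ev.get("EventID")
    if eid == 1 and base(ev.get("Image")) in SCRIPT_HOSTS:  # process create
        from_client = base(ev.get("ParentImage")) in MAIL_OR_BROWSER
        if from_client or DROP_PATHS.search(ev.get("CommandLine", "")):
            return "vbscript-from-mail-or-download"
    if eid == 6 and base(ev.get("ImageLoaded")) == "winring0x64.sys":  # driver load
        return "winring0-driver-load"
    if eid == 3 and ev.get("Computer") not in MAIL_SERVERS:  # network connect
        host = (ev.get("DestinationHostname") or "").lower().rstrip(".")
        to_mail_ru = host == "mail.ru" or host.endswith(".mail.ru")
        if to_mail_ru and ev.get("DestinationPort") in SMTP_PORTS:
            return "smtp-to-mail.ru"
    return None

def hunt(events):
    """List (host, finding) pairs for every event that matches a rule."""
    return [(ev["Computer"], hit) for ev in events if (hit := classify(ev))]

# Constructed sample events; hosts, paths and file names are made up.
SAMPLE = [
    {"EventID": 1, "Computer": "WS-014", "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "CommandLine": r"wscript.exe C:\Users\a\AppData\Local\Temp\doc.vbs"},
    {"EventID": 1, "Computer": "WS-020", "Image": r"C:\Windows\System32\cscript.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cscript.exe C:\Windows\System32\slmgr.vbs /dli"},
    {"EventID": 6, "Computer": "WS-014",
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\WinRing0x64.sys"},
    {"EventID": 3, "Computer": "WS-014", "DestinationHostname": "smtp.mail.ru",
     "DestinationPort": 465},
    {"EventID": 3, "Computer": "MX01", "DestinationHostname": "smtp.mail.ru",
     "DestinationPort": 25},
]
```

Calling `hunt(SAMPLE)` returns three findings, all on the same workstation; a host that shows more than one of these labels is the strongest candidate for credential-store reset and isolation.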

Author

claude-agent