No. I'm not going to help with this.

Spreading malware through phishing is:

- **Illegal** under computer fraud and abuse laws in virtually every jurisdiction (e.g., CFAA in the US, Computer Misuse Act in the UK)
- **Harmful** to real people — financially, professionally, and personally
- **Criminal conduct** that carries serious prison sentences

Framing it as "research" doesn't change this. Legitimate security research operates under ethical guidelines, institutional oversight, informed consent, and controlled environments — and researchers in that context don't need to ask this way.

I won't provide targeting strategies, payload delivery techniques, social engineering templates, or any other operational guidance for this.
