Researchers uncovered a two-stage phishing attack stealing email logins to install LogMeIn Resolve RMM for persistent, hidden Windows access.