Researchers at Palo Alto Networks' Unit 42 threat intelligence division have also reported seeing more ClickFix attacks. In a July report, they said attackers lure victims into copying and pasting commands to apply quick fixes to common computer issues such as performance problems, missing drivers, or pop-up errors. Fake tech support forums are one way these attacks begin. Threat actors have also been known, in other campaigns, to use fake DocuSign and Okta single-sign-on pages to trick users. Payloads include infostealers, remote access trojans (RATs), or tools that disable security.
“This delivery method bypasses many standard detection and prevention controls,” says the Palo Alto report. “There is no exploit, phishing attachment, or malicious link. Instead, potential victims unknowingly run the command themselves, through a trusted system shell. This method makes infections from ClickFix more difficult to detect than drive-by downloads or traditional malware droppers.”
In yet another instance, researchers at NCC Group today issued this report on a ClickFix attack they discovered in May that involved a drive-by compromise and the use of a fake CAPTCHA popup, with the goal of installing the Lumma C2 Stealer.



