ClickFix is the name of a social engineering tactic that has been in use since March to install info-stealers on victims' computers. Sekoia recently identified a new, updated version that targets Google Meet. In other cases, the popularity of Facebook has been exploited.
Details of the malware campaign
In early March, the ClickFix campaign used phishing to send an HTML attachment in a message that displayed fake errors. Users were persuaded to run a PowerShell script to fix them. In reality, various info-stealers were installed. Last May, phishing pages were used instead to spread the malware.
More recently, the attackers have used fake sites that display Google Meet errors. In practice, the user receives an (apparently legitimate) email invitation to join an online meeting. Clicking the link opens a page that resembles the service's own and reports nonexistent problems with the headset or microphone.
If unsuspecting victims click “Fix It” or “Try Fix” in the pop-up window, a PowerShell script is downloaded from the site. Running it automatically triggers the download of the malware, namely the Stealc or Rhadamanthys infostealer on Windows and AMOS Stealer on macOS.
Similar tactics exploit users' familiarity with other well-known services, including Zoom and Facebook. In addition to the malware already listed, these campaigns spread other well-known families, such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, Vidar, and Lumma Stealer.