Attacks with ClickFix technique on the rise

SecurityWeek reports that intrusions exploiting the ClickFix social engineering technique to facilitate information-stealing malware deployment have been escalating since August.

Malvertising, phishing emails, and spam messages have been leveraged by state-backed threat actors, including Russia-linked APT28 and Iran-linked MuddyWater, and other cybercriminals to redirect users to malicious websites that display fraudulent update, error, or reCAPTCHA prompts, which eventually result in the delivery of the AsyncRAT, Lumma, VenomRAT, and XWorm RAT infostealers, as well as the DarkGate malware, according to an analysis from Group-IB.

“The possibilities are endless, and the technique continues to evolve, finding innovative ways to deceive users. As threat actors refine their methods, we can expect even more sophisticated variants to emerge,” said Group-IB.

Group-IB’s report comes after hospitality organizations in North America, Europe, Asia, and Oceania were noted by Microsoft to have been subjected to a ClickFix attack campaign involving the spoofing of Booking.com.
