Fix the Click: Preventing the ClickFix Attack Vector

Summary

• ClickFix is an increasingly popular social engineering technique that threat actors leverage in multi-stage attacks to trick potential victims into executing malicious commands — seemingly as “quick fixes” for routine computer issues.
• Attackers distribute Latrodectus malware via this ClickFix campaign, luring victims via increasingly popular technique: past attacks have used fake Captcha pages as one initial infection vector.
• This campaign distributes NetSupport RAT over ClearFake infrastructure, an emerging “fake update” kit that abuses verification pages of well-known brands.
• These lures drop various payloads, including infostealers and RATs or tools to disable security tools.
• Unit 42 continues to track these ClickFix campaigns and their various payloads.

By Rem Dudas and Noa Dekel

Original Article