JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Briefly

"The latest campaign displays highly convincing fake Windows update screens in an attempt to get the victim to run malicious code, indicating that attackers are moving away from the traditional robot-check lures. The activity has been codenamed JackFix by the Singapore-based cybersecurity company. Perhaps the most concerning aspect of the attack is that the phony Windows update alert hijacks the entire screen and instructs the victim to open the Windows Run dialog, press Ctrl + V, and hit Enter, thereby triggering the infection sequence."
"It's assessed that the starting point of the attack is a fake adult site to which unsuspecting users are redirected via malvertising or other social engineering methods, only to suddenly serve them an "urgent security update." Select iterations of the sites have been found to include developer comments in Russian, hinting at the possibility of a Russian-speaking threat actor. The Windows Update screen is created entirely using HTML and JavaScript code, and pops up as soon"
A campaign uses fake adult websites and malvertising to redirect users to convincing, full-screen fake Windows update screens that pressure victims into executing malicious commands. The attack leverages ClickFix-style social engineering, instructing users to open the Run dialog, paste a command (Ctrl+V), and press Enter to trigger the infection. Microsoft telemetry shows ClickFix as a leading initial access method, accounting for 47% of attacks. The activity, codenamed JackFix, uses HTML and JavaScript to recreate the Windows Update interface. Some site iterations include developer comments in Russian, suggesting possible Russian-speaking actors.
Read at The Hacker News