"This week didn't produce one big headline. It produced many small signals - the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That's the point. Entry is becoming less visible while impact scales later."
"ClickFix distribution surge Threat actors are using a framework named IClickFix that can be used to build ClickFix pages on hacked WordPress sites. According to security firm Sekoia, the framework has been live on more than 3,800 sites since December 2024. "This cluster uses a malicious JavaScript framework injected into compromised WordPress sites to display the ClickFix lure and deliver NetSupport RAT," the French cybersecurity company said. The malware distribution campaign leverages the ClickFix social engineering tactic through a Traffic Distribution System ( TDS)."
Multiple small signals indicate intrusions now begin in developer workflows, remote tools, cloud access, identity paths, and routine user actions. Entry often appears ordinary and invisible while impact is delayed and scaled. Attackers increasingly industrialize operations using shared infrastructure, repeatable playbooks, rented access, and affiliate-style ecosystems. Operations resemble services rather than isolated campaigns. ClickFix campaigns deploy a malicious JavaScript framework on compromised WordPress sites to deliver NetSupport RAT via traffic distribution systems such as YOURLS and ErrTraffic. Adversaries prioritize automation, prebuilt frameworks, and reusable infrastructure to reduce friction and accelerate impact.
#industrialized-cybercrime #developer-workflow-compromise #clickfix-netsupport #traffic-distribution-systems
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]