#malware-delivery

[ follow ]
#mshta #lolbin #vbscript #threat-detection #clickfix-attack #command-and-control #social-engineering
Information security
fromSecurityWeek
2 days ago

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

MSHTA enables Microsoft-signed execution of remote scripts, making it a growing LOLBIN used to deliver and persist malware despite legitimate backward compatibility.
fromThe Hacker News
2 months ago

Investigating a New Click-Fix Variant

Atos Researchers identified a new variant of the popular ClickFix technique, where attackers convince the user to execute a malicious command on their own device through the Win + R shortcut. In this variation, a "net use" command is used to map a network drive from an external server, after which a ".cmd" batch file hosted on that drive is executed.
Information security
Information security
fromComputerworld
2 months ago

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors exploit Windows Terminal to deliver ClickFix phishing attacks, bypassing traditional Run command defenses and security awareness training through malicious PowerShell commands.
Information security
fromTechRepublic
2 months ago

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

QuickLens Chrome extension was compromised to deliver malware, steal cryptocurrency wallet data, and execute ClickFix attacks by stripping security headers and establishing command-and-control communications.
Information security
fromTheregister
2 months ago

Microsoft OAuth scams abuse redirects for malware delivery

Microsoft warns of ongoing OAuth abuse scams using phishing emails and URL redirects to deliver malware and compromise organizational devices, primarily targeting government and public-sector entities.
fromTheregister
3 months ago

Critical React Native Metro dev server bug under attack

The flaw, tracked as CVE-2025-11953, arises because the Metro development server started by the React Native Community command line tool exposes an endpoint vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run malicious executables. Similarly, on Windows machines, miscreants can abuse the security hole to execute arbitrary shell commands with fully controlled arguments.
Information security
Information security
fromThe Hacker News
7 months ago

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

North Korea–linked actors used ClickFix lures to deliver BeaverTail and InvisibleFerret malware to non-developer cryptocurrency, retail, and Web3 roles via fake hiring platforms.
[ Load more ]