SecurityWeek reports that intrusions exploiting the ClickFix social engineering technique to facilitate information-stealing malware deployment have been escalating since August.

Group-IB researchers said malvertising, phishing emails, and spam messages have been leveraged by state-backed threat actors, including Russia-linked APT28 and Iran-linked MuddyWater, and other cybercriminals to redirect users to malicious websites that display fraudulent update, error, or reCAPTCHA prompts. These campaigns eventually result in the delivery of the AsyncRAT, Lumma, VenomRAT, and XWorm RAT infostealers, as well as the DarkGate malware.

"The possibilities are endless, and the technique continues to evolve, finding innovative ways to deceive users," said Group-IB researchers. "As threat actors refine their methods, we can expect even more sophisticated variants to emerge."

Group-IB's report comes after hospitality organizations in North America, Europe, Asia, and Oceania were noted by Microsoft to have been subjected to a ClickFix attack campaign involving the spoofing of Booking.com.