PULSE NAME
ClickFix Phishing Campaign Delivers New Infostealer
WHITE eric.ford 2024-11-15 Modified: 2024-11-15
14 IOCs
MEDIUM VOLUME
Gen Digital has uncovered a new infostealer, Glove Stealer, distributed via a phishing campaign using malicious HTML attachments that leverage the ClickFix technique. The campaign employs PowerShell scripts to download and execute its payload, exfiltrating sensitive data such as credentials, browser data, and cryptocurrency wallets. The stealer uses a separate module to bypass Chrome's App-Bound encryption. This campaign highlights a significant risk: mitigating potential compromises requires robust phishing awareness, layered security controls, and proactive threat hunting.