← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
WHITE AlienVault 2024-11-18 Modified: 2024-12-18
26
IOCs
MEDIUM VOLUME
Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are employing ClickFix through compromised websites, documents, HTML attachments, and malicious URLs. Recent campaigns have included GitHub security vulnerability notifications, Swiss e-commerce marketplace impersonations, fake software updates, and ChatGPT-themed malvertising. The technique has been observed delivering various malware, including AsyncRAT, Danabot, DarkGate, Lumma Stealer, and NetSupport. The popularity of ClickFix is attributed to its effectiveness in bypassing security protections by exploiting users' desire to be helpful and independent.
malware deliverythreat landscapeasyncratsocial engineeringdarkgatelucky volunteerrecaptcha phishdanabotnetsupportlatrodectuslumma stealerxwormphishingpowershellclickfixbrute ratel c4
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
AsyncRAT Danabot DarkGate Lumma Stealer NetSupport Brute Ratel C4 Latrodectus XWorm Lucky Volunteer
Indicators of Compromise (5 / 26 total)
All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://178.215.224.252/v10/ukyh.php 2024-11-18
URL http://185.147.124.40/Capcha.html 2024-11-18
URL http://188.119.113.152/x64_stealth.dll 2024-11-18
URL https://github-scanner.com/l6E.exe 2024-11-18
URL https://ricardo.aljiri.es/ricardo/captchaV4DE/ 2024-11-18
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape