A Social Engineering Tactic to Deploy Malware

July 15, 2024, 3:26 p.m.

Description

McAfee Labs uncovered a sophisticated social engineering technique, dubbed 'ClickFix,' for deploying malware such as DarkGate and Lumma Stealer. Victims are lured to compromised websites displaying error messages with instructions to paste scripts in PowerShell, facilitating malware downloads and execution. This deceptive tactic exploits users' trust by masquerading as legitimate error prompts, tricking them into unknowingly executing malicious code that compromises their systems.

External References

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
https://otx.alienvault.com/pulse/66953c49237688e18327a6ac
Tags
darkgate
lumma stealer
2024-07-15
clickfix

Date

  • Created: July 15, 2024, 3:12 p.m.
  • Published: July 15, 2024, 3:12 p.m.
  • Modified: July 15, 2024, 3:26 p.m.

Indicators

  • e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9
  • 6608aeae3695b739311a47c63358d0f9dbe5710bd0073042629f8d9c1df905a8
  • 07594ba29d456e140a171cba12d8d9a2db8405755b81da063a425b1a8b50d073
  • 8c382d51459b91b7f74b23fbad7dd2e8c818961561603c8f6614edc9bb1637d1
  • e9ad648589aa3e15ce61c6a3be4fc98429581be738792ed17a713b4980c9a4a2
  • 5c204217d48f2565990dfdf2269c26113bd14c204484d8f466fb873312da80cf
  • 7d8a4aa184eb350f4be8706afb0d7527fca40c4667ab0491217b9e1e9d0f9c81
Download all indicators here!

Attack Patterns

  • Lumma Stealer
  • DarkGate
  • T1223
  • T1568
  • T1588
  • T1490
  • T1608
  • T1564.003
  • T1137
  • T1059.001
  • T1204.002
  • T1486
  • T1564
  • T1547
  • T1218
  • T1105
  • T1204
  • T1140
  • T1027
  • T1112
  • T1059