A Social Engineering Tactic to Deploy Malware

July 15, 2024, 3:26 p.m.

Description

McAfee Labs uncovered a sophisticated social engineering technique, dubbed 'ClickFix,' for deploying malware such as DarkGate and Lumma Stealer. Victims are lured to compromised websites that display error messages with instructions to paste scripts into PowerShell, which leads to the malware being downloaded and executed. This deceptive tactic exploits users' trust by masquerading as legitimate error prompts, tricking them into unknowingly executing malicious code that compromises their systems.

Date

  • Created: July 15, 2024, 3:12 p.m.
  • Published: July 15, 2024, 3:12 p.m.
  • Modified: July 15, 2024, 3:26 p.m.

Indicators


Attack Patterns

  • Lumma Stealer
  • DarkGate
  • T1223
  • T1568
  • T1588
  • T1490
  • T1608
  • T1564.003
  • T1137
  • T1059.001
  • T1204.002
  • T1486
  • T1564
  • T1547
  • T1218
  • T1105
  • T1204
  • T1140
  • T1027
  • T1112
  • T1059