Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Oct. 21, 2024, 9:54 a.m.
Description
Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersonate various online services, including Facebook, Google Chrome, and reCAPTCHA. On Windows, the attack deploys the StealC and Rhadamanthys stealers, while macOS users are targeted with the Atomic stealer. The tactic evades detection by having users manually run the malicious code. Two traffer groups, Slavic Nation Empire and Scamquerteo, are attributed to this campaign, suggesting shared materials and infrastructure.
Date
Published: Oct. 18, 2024, 2:09 p.m.
Created: Oct. 18, 2024, 2:09 p.m.
Modified: Oct. 21, 2024, 9:54 a.m.
Attack Patterns
Atomic
StealC
Rhadamanthys
T1059.001
T1012
T1114
T1087
T1113
T1005
T1547
T1082
T1083
T1055
T1036
T1204
T1056
T1566