Lampion Is Back With ClickFix Lures
May 6, 2025, 3:41 p.m.
Description
A highly focused malicious campaign targeting Portuguese organizations, particularly in government, finance, and transportation sectors, has been uncovered. The campaign is linked to Lampion malware, an infostealer focusing on banking information. The threat actors have incorporated ClickFix lures, a social engineering technique that tricks victims into executing malicious commands. The infection chain involves multiple stages of obfuscated Visual Basic scripts, evasion techniques, and a complex execution method. While the final payload was not delivered in this instance, the campaign demonstrates the threat actors' adaptation and sophistication. The article emphasizes the importance of enhanced detection capabilities and provides recommendations for security practitioners to address this evolving threat.
Tags
Date
- Created: May 6, 2025, 10:59 a.m.
- Published: May 6, 2025, 10:59 a.m.
- Modified: May 6, 2025, 3:41 p.m.
Indicators
Additional Information
- Transportation
- Finance
- Government
- Portugal