2025-06-27 (Friday): #SmartApeSG infection chain leading to #ClickFix lure leading to #NetSupportRAT

URL sequence leading to ClickFix:

- palcomp3[.]top/sss/buf.js
- palcomp3[.]top/sss/index.php?GQX1KqUM
- palcomp3[.]top/sss/bof.js?19ec2a189848bc0bfa

URL sequence after running ClickFix script:

- camplively[.]com/all.php
- camplively[.]com/smks.zip?lap=3928

SHA256 hash for smks.zip archive containing NetSupport RAT package:

3be246afee53241eaa9c1f74d6720cc5d1004846ded378bd4b1040064b5631c5

NetSupportRAT C2: 185.163.45[.]30:443

cc: @monitorsg

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h12025.pdf #ESETresearch
FileFix attack weaponizes Windows File Explorer for stealthy commands

A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.

BleepingComputer

🚨 New malware alert: Mocha Manakin uses #Clickfix (fakeCAPTCHA) to trick users into deploying a custom backdoor called NodeInitRAT. Red Canary warns it could lead to ransomware!

🔗 https://hackread.com/mocha-manakin-malware-nodeinitrat-via-clickfix-attack

#CyberSecurity #CyberAttack #fakeCAPTCHA #MochaManakin #NodeInitRAT

New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

2025-06-18 (Wednesday): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2

A #pcap of the traffic, the malware/artifacts, and some IOCs are available at https://www.malware-traffic-analysis.net/2025/06/18/index.html.

Today's the 12th anniversary of my first blog post on malware-traffic-analysis.net, so I made this post a bit more old school.

"Famous Chollima deploying Python version of GolangGhost RAT" published by CiscoTalos. #ClickFix, #FamousChollima, #PylangGhost, #DPRK, #CTI https://blog.talosintelligence.com/python-version-of-golangghost-rat/
Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

Cisco Talos Blog
📢 Malware campaign using ClickFix to deploy ARECHCLIENT2
📝 Elastic Security Labs has detected an increase in campaigns using the **ClickFix** technique, a social-engineering method that tricks users into running mal...
📖 cyberveille: https://cyberveille.ch/posts/2025-06-18-campagne-de-malware-utilisant-clickfix-pour-deployer-arechclient2/
🌐 source: https://www.elastic.co/security-labs/a-wretch-client
#ARECHCLIENT2 #ClickFix #Cyberveille
Malware campaign using ClickFix to deploy ARECHCLIENT2

Elastic Security Labs has detected an increase in campaigns using the ClickFix technique, a social-engineering method that tricks users into running malicious code via PowerShell commands. The technique is being used to deploy Remote Access Trojans (RATs) and information-stealing malware. The report highlights the use of GHOSTPULSE, a multi-stage payload loader, to deliver updated versions of malware such as ARECHCLIENT2. The campaign starts with a ClickFix lure, followed by the deployment of GHOSTPULSE, which then loads an intermediate .NET loader that finally injects ARECHCLIENT2 into memory.

CyberVeille
What is ClickFix? A roundup of the new social-engineering attack surging worldwide - Qiita

What is ClickFix? A roundup of the new social-engineering attack surging worldwide. This article was generated by AI. See the linked page for details. Last updated: 2025-06-07. Table of contents: What is ClickFix; Overview of the attack flow; Recent notable incidents...

Qiita

🚨 Researchers warn of a surge in #ClickFix scams impersonating #Booking.com. Fake CAPTCHAs trick users into running malware like XWorm and DanaBot.

Read: https://hackread.com/clickfix-email-scam-fake-booking-com-emails-malware/

#CyberSecurity #Malware #Phishing #XWorm #DanaBot #Scam

ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware


Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Ran into a ClickFix incident where the commands were obfuscated like: "c^u^rl.e^x^e"

Probably worth flagging on commands that contain excessive carets and have a parent process of explorer.exe or conhost.exe.

#clickfix #intel #cybersecurity #blueteam #incidentresponse