PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix"

A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control.

Pulse ID: 6a3a7809c43cfba36348ed9d
Pulse Link: https://otx.alienvault.com/pulse/6a3a7809c43cfba36348ed9d
Pulse Author: AlienVault
Created: 2026-06-23 12:11:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #ConnectWise #CyberSecurity #DNS #EDR #Email #Endpoint #HTTP #ICS #InfoSec #LNK #OTX #OpenThreatExchange #Phishing #PowerShell #SocialEngineering #SpyWare #ZIP #bot #AlienVault

Ransomware surged in 2025, but the bigger shift was how attacks are happening.

The 2026 MSP Threat Report breaks down how attackers are bypassing traditional defenses, where security gaps are emerging, and what IT Solution Providers can do to reduce risk earlier in the attack lifecycle.

👉 Download the report for free: http://ms.spr.ly/61107vEkLR

#Cybersecurity #MSP #ManagedServices #IT #ConnectWise #AI #Cybersecurity #MSPCommunity #MSPPlatform https://connectwiseadvocacy.sprinklr.com/content/ADVOCACY_205_69f3444047badd57afcee5e4?sourceType=ACCOUNT

CISA Flags Actively Exploited ConnectWise, Windows Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

https://osintsights.com/cisa-flags-actively-exploited-connectwise-windows-flaws?utm_source=mastodon&utm_medium=social

#Cve20241708 #Cve202632202 #Windows #Connectwise #Screenconnect

CVE Alert: CVE-2024-1708 - ConnectWise - ScreenConnect - https://www.redpacketsecurity.com/cve-alert-cve-2024-1708-connectwise-screenconnect/

#OSINT #ThreatIntel #CyberSecurity #cve-2024-1708 #connectwise #screenconnect