📱 LeakNet adopts ClickFix and a stealthy Deno loader to expand its ransomware operations
📝 *The LeakNet ransomware group adds ClickFix via compromised legitimate sites and...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-21-leaknet-adopte-clickfix-et-un-loader-deno-furtif-pour-etendre-ses-operations-ransomware/
🌐 source : https://reliaquest.com/blog/threat-spotlight-casting-a-wider-net-clickfix-deno-and-leaknets-scaling-threat
#ClickFix #DLL_sideloading #Cyberveille
LeakNet adopts ClickFix and a stealthy Deno loader to expand its ransomware operations

The LeakNet ransomware group adds ClickFix via compromised legitimate sites and an in-memory Deno loader as new initial access methods, while keeping an identical post-exploitation chain.

CyberVeille

Well, a nice find for hunting season 👀

A new, very visual evolution of #ClickFix, this time relying on WebDAV to deliver the payload. (!)

This is a bit of a change from the usual direct PowerShell / MSHTA / WScript chains: here, initial access goes through >net use, mounting the remote share, running the batch file as if it were a local file, then unmounting.

Target: Windows only.

The move is interesting: less reliance on heavily monitored interpreters/LOLBins, and an abuse of WebDAV that can pass more quietly if it is not monitored.

Source of the finding: Daniel
👇
https://www.linkedin.com/posts/daniel-b1_clickfix-webdav-atos-ugcPost-7441043660613398528-98ey

Atos analysis
👇
https://atos.net/en/lp/cybershield/investigating-a-new-click-fix-variant

For those who want to enrich detection / blocking:
the short list to kill off in your firewalls and DNS filters
👇
https://threatfox.abuse.ch/browse/tag/WebDav/

And as a bonus: a hunting / pivot recipe, as an image, via #Onyphe.

#CyberVeille #WebDav #blueteam

Cyber Journaal S02E33: Municipality of Epe: 600K files stolen via ClickFix. AI agent hacks McKinsey in 2 hours. EU sanctions cyber companies. Belgian DNS filter active immediately.

➀ https://www.ccinfo.nl/journaal/3071519_clickfix-treft-gemeente-epe-ai-hackt-mckinsey-eu-sancties

#cybersecurity #ClickFix #infosec

ClickFix hits municipality of Epe, AI hacks McKinsey, EU sanctions

Municipality of Epe: 600,000 files stolen via ClickFix. AI agent hacks McKinsey in 2 hours. EU sanctions against Chinese and Iranian cyber companies.

LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript.

BleepingComputer

Watch out as a new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware through trusted apps.

Read: https://hackread.com/clickfix-scam-users-mapping-hacker-controlled-drives/

#CyberSecurity #ClickFix #Windows #Malware #Scam

New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives

A new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware through trusted apps.

Hackread - Cybersecurity News, Data Breaches, AI and More

Punto Informatico: Websites are distributing malware using fake CAPTCHAs

A new variant of the well-known ClickFix attack exploits CAPTCHAs on compromised WordPress sites to trick the user and install the info-stealer Vidar.
The post Websites distribute malware with fake CAPTCHAs appeared first on Punto Informatico.

#ClickFix #WordPress #Vidar #first #PuntoInformatico

https://www.punto-informatico.it/siti-web-distribuiscono-malware-finti-captcha/

Websites distribute malware with fake CAPTCHAs

A new variant of the well-known ClickFix attack exploits CAPTCHAs on compromised WordPress sites to trick the user and install the Vidar infostealer.

Punto Informatico

Watch out as hackers are abusing fake Claude AI tools in a #ClickFix campaign to spread MacSync infostealer malware via #GoogleAds.

Read: https://hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/

#CyberSecurity #Infostealer #AI #Claude #MacOS

ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools

Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals.

Hackread - Cybersecurity News, Data Breaches, AI and More

New ClickFix variant shows how far “copy/paste this into Win+R” can go. Attackers use NetUse + WebDAV to deliver a trojanized WorkFlowy Electron app that beacons to C2 & evades EDR, found through threat hunting. 🔗 https://zurl.co/V1CHY #ClickFix #ThreatHunting #infosec

From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers.

Security Affairs