A new ClickFix social engineering campaign targets the European hospitality industry by using fake BSOD screens to trick users into executing malware. This attack involves sophisticated fake websites, fake error messages, and malware deployment for remote access and data theft.
#ClickFix #PHALT#BLYX #DCRAT #Booking.com
Key points
- The campaign impersonates Booking.com reservation cancellations to lure victims.
- Fake BSOD screens prompt users to run malicious commands leading to malware infection.
- The malware used is a Remote Access Trojan called DCRAT, supporting remote control features.
- The malware establishes persistence and grants attackers system access for various malicious activities.
- Attackers utilize fake websites with authentic branding to carry out social engineering ploys.