From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques

Recent threat activity includes a fake AnyDesk installer that mimics ClickFix-style attacks and uses an infection chain built around fake Cloudflare verification pages and MSI packages. The campaigns also feature the Cephalus ransomware, which employs DLL sideloading to deploy its payloads. These evolving tactics highlight the importance of user awareness and of detection measures that go beyond signature matching. #MetaStealer #CephalusRansomware

Key points

  • Threat actors are using fake Cloudflare Turnstile pages to trick users into executing malicious code.
  • The attack chain redirects victims to Windows File Explorer and search-ms URIs in order to launch payloads.
  • Malicious LNK files disguised as PDFs lead to the download of MetaStealer malware via MSI packages.
  • The MetaStealer malware extracts credentials and steals files from infected systems.
  • Organizations should enhance user training and restrict use of the Windows Run dialog to prevent such attacks.
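The hand-offs listed above (a search-ms URI opening File Explorer, an LNK file disguised as a PDF, and an MSI installer run from a user-writable folder) each leave a distinctive command line in process-creation telemetry. The following detector is an added example written for this summary; it is not code from the BleepingComputer article or from any vendor. The event records are constructed, and the field layout (parent image, image, command line) is an assumption about whatever EDR or Sysmon export a team actually has.

```python
"""Flag ClickFix-style launch patterns in process-creation records.

Added example, not from the original article. The records below are
constructed; the (parent, image, command_line) tuple layout is an assumed
simplification of a Sysmon Event ID 1 / EDR process-creation export.
"""
import re
from dataclasses import dataclass

# Constructed sample events: (parent image, image, command line).
# Only the second, third and fourth are meant to trip a rule.
SAMPLE_EVENTS = [
    ("explorer.exe", "chrome.exe", "chrome.exe https://example.test"),
    ("chrome.exe", "explorer.exe",
     'explorer.exe "search-ms:query=invoice&crumb=location:\\\\files.example.test\\docs"'),
    ("explorer.exe", "cmd.exe",
     'cmd.exe /c start "" "C:\\Users\\u\\Downloads\\Invoice.pdf.lnk"'),
    ("cmd.exe", "msiexec.exe",
     "msiexec.exe /i C:\\Users\\u\\AppData\\Local\\Temp\\setup.msi /qn"),
    ("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]

# A search-ms: protocol handler anywhere in a command line is rare in normal
# user activity and is the File Explorer redirection the summary describes.
SEARCH_MS_RE = re.compile(r"search-ms:", re.IGNORECASE)

# Shortcut files carrying a document extension before ".lnk" (the "PDF"
# disguise). Explorer hides the final .lnk, so the user sees Invoice.pdf.
DISGUISED_LNK_RE = re.compile(r"\.(?:pdf|docx?|xlsx?|txt)\.lnk\b", re.IGNORECASE)

# Silent MSI install sourced from a user-writable location.
USER_DIR_RE = re.compile(r"\\(?:temp|downloads)\\", re.IGNORECASE)
QUIET_FLAG_RE = re.compile(r"/q[nb]?\b", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    image: str
    command_line: str


def classify(parent: str, image: str, command_line: str) -> list:
    """Return the names of every rule the single record matches."""
    rules = []
    if SEARCH_MS_RE.search(command_line):
        rules.append("search-ms-uri")
    if DISGUISED_LNK_RE.search(command_line):
        rules.append("disguised-lnk")
    if (image.lower() == "msiexec.exe"
            and USER_DIR_RE.search(command_line)
            and QUIET_FLAG_RE.search(command_line)):
        rules.append("silent-msi-from-user-dir")
    return rules


def scan(events) -> list:
    """Run classify() over an iterable of records and collect findings."""
    findings = []
    for parent, image, command_line in events:
        for rule in classify(parent, image, command_line):
            findings.append(Finding(rule, image, command_line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image}: {f.command_line}")
```

The three rules are deliberately narrow so they can be dropped into an existing pipeline as individual alerts; a correlation step (search-ms URI followed within minutes by an LNK launch and then a quiet msiexec from the same user) is where the real signal for this chain lives, and each rule here produces the event names such a step would key on.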

Read More: https://www.bleepingcomputer.com/news/security/from-clickfix-to-metastealer-dissecting-evolving-threat-actor-techniques/