CloudSEK’s TRIAD team uncovered a malicious development site deploying Clickfix-themed malware linked to the Epsilon Red ransomware. The campaign uses sophisticated social engineering and stealthy remote code execution techniques to infect systems and propagate ransomware. #EpsilonRed #Clickfix #QuasarRAT
Key points
- The malware campaign employs ActiveXObject and hidden commands for stealthy payload delivery.
- Victims are redirected to secondary pages mimicking legitimate services to facilitate infection.
- Clickfix-themed malware leverages fake verification messages and impersonates popular online platforms.
- Indicators include the domains twtich.cc and capchabot.cc, which host the malicious files and the command-and-control (C2) infrastructure.
- Organizations are advised to disable ActiveX, use endpoint detection, and enhance user security awareness.
Read More: https://gbhackers.com/hackers-use-weaponized-hta-files-to-infect-victims/