A new version of the Interlock ransomware group's RAT is being distributed through compromised websites using a variant of the ClickFix attack, relying on social engineering to infect victims. The threat actors employ techniques such as PHP-based malware variants and Cloudflare tunnels for command-and-control communication, and the campaign targets multiple industries. #InterlockRAT #KongTuke #NodeSnake #CloudflareTunnel
Key points
- The Interlock RAT is distributed via compromised websites using the ClickFix and FileFix attack variants.
- After infection, the malware fingerprints the host and exfiltrates the collected data through PowerShell commands.
- Threat actors utilize PHP and Node.js variants to maintain access and operate within compromised networks.
- They rely on Cloudflare tunnels and RDP for command-and-control and lateral movement activities.
- The attack campaign targets multiple industries with a sophisticated and evolving threat infrastructure.
Read More: https://www.securityweek.com/new-interlock-rat-variant-distributed-via-filefix-attacks/