Securonix warns of an advanced ClickFix campaign targeting the hospitality industry. The campaign uses phishing emails with fake Booking.com reservations and fake CAPTCHA errors, and ultimately deploys a resilient DCRat variant through a complex infection chain that includes browser errors and PowerShell commands. #ClickFix #DCRat #Phishing #BlueScreenOfDeath
Keypoints
- The campaign uses phishing emails claiming to be reservation cancellations to lure victims.
- Victims landing on fake websites are shown deceptive CAPTCHA errors and fake BSOD screens.
- The attack chain involves triggering PowerShell commands to download malicious payloads via MSBuild.
- The final payload is a sophisticated DCRat variant that bypasses security measures and maintains persistence.
- Russian threat actors appear to be behind a botnet infrastructure capable of resisting takedowns.
Read More: https://www.securityweek.com/sophisticated-clickfix-campaign-targeting-hospitality-sector/