Information-stealing payloads are being spread via bogus Windows update screens as part of a new ClickFix attack campaign that has targeted organizations in the U.S., EMEA, and Asia-Pacific and Japan regions between Sep. 29 and Oct. 30, according to The Register.

Attacks commenced with the appearance of a blue Windows update screen in full-screen mode upon visiting a malicious site, followed by lures urging the installation of a "critical security update" through a set of instructions that trigger PowerShell code execution and steganographic loader deployment, eventually resulting in the delivery of the Rhadamanthys infostealer, a report from Huntress revealed.

Additional findings noted the continued operations of domains hosting the Windows Update lures spreading Rhadamanthys despite the infostealer's disruption in a law enforcement effort this month. "All of these lures point to the same hex-encoded URL structure previously linked to the deployment of Rhadamanthys, although it appears this payload is no longer being hosted," said Huntress researchers.




