HackRead reports that Windows systems have been subjected to a novel ClickFix attack campaign that leverages fraudulent CAPTCHA pages in the lead-up to illicit command execution.

Threat actors have used a bogus CAPTCHA security check or browser error to trick targets into pasting and executing a certain command through the Windows Run dialog, with the subsequent exploitation of the cmdkey and regsvr32 utilities leading to credential staging and DLL retrieval for persistence, while ensuring stealth, according to the CyberProof Threat Research Team. With the XML file containing illicit commands stored on their servers, attackers could easily alter instructions without having to deliver another file. Determining the actors' next move has also been complicated by the takedown of their server.

"By relying exclusively on trusted Windows components and avoiding obvious malware drops, the attacker achieves a high degree of stealth while maintaining execution reliability," said researchers, who warned users against copy-pasting code from any website into the Windows Run dialog.
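Because the chain uses only trusted Windows binaries, process lineage is the practical detection handle. The following is an added example, not code from HackRead or CyberProof: it flags any process started directly by explorer.exe (which is how Run-dialog commands launch) whose subtree ran both cmdkey and regsvr32. Hosts, PIDs, field names and events are constructed, the telemetry shape is assumed to resemble Sysmon process-creation records, and PID reuse is ignored.

```python
import ntpath
from collections import defaultdict

WATCHED = {"cmdkey.exe", "regsvr32.exe"}  # the two utilities named in the report

def ev(host, pid, ppid, image, cmd):
    return {"host": host, "pid": pid, "ppid": ppid, "image": image, "cmd": cmd}

SYS = "C:\\Windows\\System32\\"
# Constructed sample events; command-line arguments are deliberately elided.
EVENTS = [
    ev("ws1", 100, 1, "C:\\Windows\\explorer.exe", "explorer.exe"),
    ev("ws1", 200, 100, SYS + "cmd.exe", "cmd.exe /c <pasted command>"),
    ev("ws1", 201, 200, SYS + "cmdkey.exe", "cmdkey <args>"),
    ev("ws1", 202, 200, SYS + "regsvr32.exe", "regsvr32 <args>"),
    # Benign: regsvr32 started by an installer, no explorer.exe ancestor.
    ev("ws2", 50, 4, SYS + "msiexec.exe", "msiexec <args>"),
    ev("ws2", 51, 50, SYS + "regsvr32.exe", "regsvr32 <args>"),
    # Benign: a user runs cmdkey alone from an interactive shell.
    ev("ws3", 100, 1, "C:\\Windows\\explorer.exe", "explorer.exe"),
    ev("ws3", 300, 100, SYS + "cmd.exe", "cmd.exe"),
    ev("ws3", 301, 300, SYS + "cmdkey.exe", "cmdkey <args>"),
]

def exe(event):
    return ntpath.basename(event["image"]).lower()

def find_clickfix_chains(events):
    """Return (host, pid) of explorer-launched processes whose subtree ran every WATCHED tool."""
    procs = {(e["host"], e["pid"]): e for e in events}

    def shell_root(event):
        seen = set()
        while event is not None and (event["host"], event["pid"]) not in seen:
            key = (event["host"], event["pid"])
            seen.add(key)
            parent = procs.get((event["host"], event["ppid"]))
            if parent is not None and exe(parent) == "explorer.exe":
                return key  # first ancestor started directly by the user's shell
            event = parent
        return None

    tools = defaultdict(set)
    for e in events:
        if exe(e) in WATCHED and (root := shell_root(e)) is not None:
            tools[root].add(exe(e))
    return sorted(root for root, seen in tools.items() if seen == WATCHED)

if __name__ == "__main__":
    print(find_clickfix_chains(EVENTS))
```

Start-menu and desktop launches also descend from explorer.exe, so treat a hit as a lead to triage rather than a verdict.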




