
New ClickFix attacks seek to compromise Windows, Linux systems

BleepingComputer reports that attacks with the ClickFix social engineering technique have been deployed by Pakistan-linked threat operation APT36, also known as Transparent Tribe, against both Windows and Linux systems.

According to an analysis by Hunt.io researchers, APT36 set up a website impersonating India's Ministry of Defence that linked to a supposed press release. When a Windows user clicks the link, they are redirected to a full-screen content usage rights warning page with a 'Continue' button; pressing the button copies and executes a malicious MSHTA command that deploys a .NET-based loader. Intrusions against Linux instead copied a shell command and lured the user into executing it in a Linux run dialog, which then launched a nonfunctional 'mapeal.sh' payload. Because that payload only downloaded a JPEG image and performed no other malicious activity, the researchers suggest these intrusions may have been APT36's tests of the technique's effectiveness against Linux systems.
