There’s a new threat actor group called Interlock, which is now taking advantage of the ClickFix tactic that the Lazarus group started in their campaigns.
Basically, if you get hit with something that says you’ve got a problem and you select the "fix it" button, the site will give you a command to run either in the run dialogue or the command prompt.
Most people will be more familiar with the run dialogue than the command prompt, and that’s OK.
The attack also exfiltrates data, along with the aforementioned threat of legal action if you do not pay, if it’s a ransom attack.
As usual, it also installs legitimate software that is used to assist people who need help.
According to the article, the C2 server delivers various stealers.
The article is "Interlock ransomware gang pushes fake IT tools in ClickFix attacks". It should be read, as it targets Windows as described above, but it also targets Linux.
Be aware. Be alert.