Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

Even cyber-espionage groups seem to have adopted the ClickFix technique. Toward the end of October, an APT group tracked as UAC-0050 that has a history of targeting organizations in Ukraine launched a phishing campaign in Ukrainian that used fake notifications about shared documents to direct users to an attacker-controlled website. The website used the combination of reCAPTCHA Phish and ClickFix to trick users into running PowerShell as part of a CAPTCHA challenge. The code deployed a rarely used information stealer dubbed Lucky Volunteer.
Mitigation
Installed on Windows by default, PowerShell is a very powerful scripting language and environment designed to simplify and automate system administration tasks. Because of its wide adoption in malware attacks over the past 10 years, security products monitor for potentially malicious PowerShell invocations.
However, they often look for instances where PowerShell scripts are being executed by other processes, because that’s how PowerShell is typically abused — as part of a larger attack chain, such as being launched by malicious Microsoft Word macros, or a malware dropper downloading and executing a malicious PowerShell script to deploy additional payloads.
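As an added illustration (not code from the article or from any security product), the sketch below applies the parent-process heuristic described above to constructed Sysmon-style process-creation events and adds a second rule for PowerShell started from the desktop shell. The parent list, the command-line hints, and the treatment of explorer.exe as the parent of user-launched PowerShell are assumptions of this example.

```python
import ntpath

POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Parents a classic "PowerShell spawned by another program" rule watches (illustrative list).
APP_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe", "mshta.exe"}
# Assumption: command-line fragments worth review when the desktop shell is the parent.
SHELL_HINTS = ("-enc", "-w hidden", "-windowstyle hidden", "downloadstring", "invoke-webrequest")

def base(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()

def classify(event):
    """Label one process-creation event, or return None if no rule matches."""
    if base(event["Image"]) not in POWERSHELL:
        return None
    parent = base(event["ParentImage"])
    cmd = event["CommandLine"].lower()
    if parent in APP_PARENTS:
        return "spawned-by-app"            # the case the article says products look for
    if parent == "explorer.exe" and any(h in cmd for h in SHELL_HINTS):
        return "user-launched-suspicious"  # the case a parent-only rule never sees
    return None

# Constructed sample events using Sysmon Event ID 1 field names.
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Users\demo\AppData\Local\Temp\a.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -W Hidden -EncodedCommand <constructed-placeholder>"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

def label_all(events):
    return [classify(e) for e in events]

if __name__ == "__main__":
    for e, label in zip(EVENTS, label_all(EVENTS)):
        print(label, "<-", base(e["ParentImage"]), "|", e["CommandLine"])
```

A rule keyed only on `APP_PARENTS` labels the first event and misses the second, which is why the example also inspects the command line when the parent is the desktop shell.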