Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

Even cyber-espionage groups seem to have adopted the ClickFix technique. Toward the end of October, an APT group tracked as UAC-0050, which has a history of targeting organizations in Ukraine, launched a phishing campaign in Ukrainian that used fake notifications about shared documents to direct users to an attacker-controlled website. The website combined reCAPTCHA Phish and ClickFix to trick users into running PowerShell as part of a CAPTCHA challenge. The code deployed a rarely used information stealer dubbed Lucky Volunteer.
Mitigation
Installed on Windows by default, PowerShell is a very powerful scripting language and environment designed to simplify and automate system administration tasks. Because of its wide adoption in malware attacks over the past 10 years, security products monitor for potentially malicious PowerShell invocations.
However, they often look for instances where PowerShell scripts are being executed by other processes, because that’s how PowerShell is typically abused — as part of a larger attack chain, such as being launched by malicious Microsoft Word macros, or a malware dropper downloading and executing a malicious PowerShell script to deploy additional payloads.
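The parent-process check described above, sketched as an added example (not code from the article or from any security product). It runs over constructed process-creation events and shows that PowerShell started by the user from the desktop shell, which is what ClickFix gets victims to do, is passed over by a rule keyed only on the spawning process. The field names, parent lists and the treatment of explorer.exe as the user-shell parent are assumptions made for this sketch.

```python
import ntpath

POWERSHELL = {"powershell.exe", "pwsh.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
USER_SHELL = {"explorer.exe"}  # assumption: parent seen when a user starts a program by hand
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events (not real telemetry); field names are hypothetical.
EVENTS = [
    {"id": 1, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": PS, "command_line": r"powershell.exe -File C:\Users\a\AppData\Local\Temp\stage.ps1"},
    {"id": 2, "parent_image": r"C:\Users\a\AppData\Local\Temp\setup_x.exe",
     "image": PS, "command_line": r"powershell.exe -File C:\Users\a\AppData\Local\Temp\next.ps1"},
    {"id": 3, "parent_image": r"C:\Windows\explorer.exe",
     "image": PS, "command_line": "powershell.exe"},
    {"id": 4, "parent_image": r"C:\Windows\explorer.exe",
     "image": PS, "command_line": 'powershell.exe -Command "<placeholder: text pasted by the user>"'},
    {"id": 5, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe"},
]

def _name(path):
    # ntpath parses Windows paths regardless of the OS this script runs on.
    return ntpath.basename(path).lower()

def classify(event):
    """Label one process-creation event by who started PowerShell."""
    if _name(event["image"]) not in POWERSHELL:
        return "not-powershell"
    parent = _name(event["parent_image"])
    # A bare interactive console has no arguments after the executable name.
    has_args = len(event["command_line"].split(None, 1)) > 1
    if parent in OFFICE_PARENTS:
        return "chain:office"
    if parent not in USER_SHELL:
        return "chain:other-process"
    return "user-launched:with-command" if has_args else "user-launched:interactive"

def parent_chain_rule(event):
    """The check described above: alert only when another program spawned PowerShell."""
    return classify(event).startswith("chain:")

def review_queue(events):
    """IDs the parent-chain rule passes over although PowerShell was handed a command."""
    return [e["id"] for e in events
            if not parent_chain_rule(e) and classify(e) == "user-launched:with-command"]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["id"], classify(e), "alert" if parent_chain_rule(e) else "-")
    print("review:", review_queue(EVENTS))
```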