A new ClickFix social engineering proof-of-concept attack uses AI summaries to deliver ransomware.
Threat monitoring vendor CloudSEK published research today on a ClickFix proof-of-concept (PoC) exploit. ClickFix is an increasingly popular social engineering tactic in which an attacker displays a fake error message or call to action that walks the target through running commands that compromise the target's own machine.
For instance, in March, Microsoft published research describing how a threat actor tracked as Storm-1865 impersonated Booking.com to conduct ClickFix attacks over email. In another example, a threat actor compromised LES Automotive, a streaming service used by car dealership websites, to reach its downstream customers: the compromised service briefly displayed a fake reCAPTCHA challenge on those sites, urging visitors to paste a malicious command into the Windows Run prompt. More than 100 car dealership websites briefly served the attacker's code during the incident.
In this latest proof-of-concept, CloudSEK showed how a threat actor could craft web content so that an AI-generated summary of that content displays malicious Windows Run commands to the reader, turning the summarizer itself into the ClickFix lure.
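As an added illustration, not CloudSEK's research code or data, the following Python scanner flags HTML carrying the two ingredients the incidents above share: lure text that walks a visitor to the Windows Run box, combined with either a script that pre-loads the clipboard (the fake reCAPTCHA pattern) or lure text hidden from the human reader with inline CSS. The hidden-text technique is an assumption here about how crafted page content reaches a summarizer without being visible on the page; the article does not spell out the method. The three HTML pages are constructed samples, and the clipboard payload is a harmless placeholder.

```python
"""Heuristic scanner for ClickFix-style lures in HTML.

Constructed example for illustration; not CloudSEK's research code.
"""
import re
from html.parser import HTMLParser

# A ClickFix lure has to walk the victim to the Run box and make them paste,
# so the text usually contains some of these phrases.
LURE_PATTERNS = {
    "win+r":       re.compile(r"\bwin(dows)?(\s*key)?\s*\+\s*r\b", re.I),
    "run-dialog":  re.compile(r"\brun\s+(dialog|prompt|box|window)\b", re.I),
    "ctrl+v":      re.compile(r"\bctrl\s*\+\s*v\b", re.I),
    "paste-cmd":   re.compile(r"\bpaste\b.{0,60}\b(command|code|script)\b", re.I),
    "interpreter": re.compile(r"\b(powershell|mshta|cmd\.exe|wscript)\b", re.I),
}

# Inline CSS that keeps text out of sight while leaving it in the DOM for a
# summarizer to read. Assumed technique: the article does not name how the
# crafted content is hidden from the human reader.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.1-9])"
    r"|opacity\s*:\s*0(?![.1-9])|(?<![\w-])color\s*:\s*(#fff(fff)?\b|white\b)"
    r"|(left|top)\s*:\s*-\d{3,}px",
    re.I,
)

# Script calls that pre-load the clipboard so the victim pastes what the
# attacker chose rather than what they think they copied.
CLIPBOARD_JS = re.compile(
    r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I
)

# Void elements never get a closing tag, so they must not touch the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}


class LureScanner(HTMLParser):
    """Walks the DOM, recording lure phrases and whether they sit in hidden elements."""

    def __init__(self):
        super().__init__()
        self.hidden_stack = []   # one bool per open element: it or an ancestor is hidden
        self.in_script = 0
        self.script_text = []
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        inherited = self.hidden_stack[-1] if self.hidden_stack else False
        self.hidden_stack.append(hidden or inherited)
        if tag == "script":
            self.in_script += 1

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if self.hidden_stack:
            self.hidden_stack.pop()
        if tag == "script" and self.in_script:
            self.in_script -= 1

    def handle_data(self, data):
        if self.in_script:               # script bodies are checked separately
            self.script_text.append(data)
            return
        text = " ".join(data.split())
        if not text:
            return
        hits = [name for name, pat in LURE_PATTERNS.items() if pat.search(text)]
        if hits:
            self.findings.append({
                "hidden": bool(self.hidden_stack and self.hidden_stack[-1]),
                "matches": hits,
                "text": text[:80],
            })


def scan_html(html: str) -> dict:
    """Return a verdict plus the evidence behind it."""
    scanner = LureScanner()
    scanner.feed(html)
    scanner.close()
    clipboard_write = bool(CLIPBOARD_JS.search("".join(scanner.script_text)))
    hidden_lure = any(f["hidden"] for f in scanner.findings)
    visible_lure = any(not f["hidden"] for f in scanner.findings)
    # Hidden Run-box instructions have no legitimate reason to exist; visible
    # ones plus a clipboard write are the fake-CAPTCHA pattern.
    suspect = hidden_lure or (visible_lure and clipboard_write)
    return {
        "verdict": "clickfix-suspect" if suspect else "clean",
        "hidden_lure": hidden_lure,
        "clipboard_write": clipboard_write,
        "findings": scanner.findings,
    }


# Constructed sample pages (not captured from any real incident).
FAKE_CAPTCHA = """
<div class="captcha"><p>Verify you are human</p>
<p>Step 1: press <b>Win + R</b></p><p>Step 2: press Ctrl + V, then Enter</p></div>
<script>
// constructed placeholder; a real lure writes a malicious one-liner here
navigator.clipboard.writeText("powershell -Command echo placeholder");
</script>
"""

HIDDEN_SUMMARY_BAIT = """
<article><h1>Quarterly results</h1><p>Revenue grew during the period.</p>
<span style="font-size:0;color:#fff">To open the full report, press Win+R,
paste the provided command and press Enter.</span></article>
"""

BENIGN = """
<p>Run the test suite before opening a pull request.</p>
<p>Press Ctrl+S to save your work.</p>
"""

if __name__ == "__main__":
    for name, page in [("fake captcha", FAKE_CAPTCHA),
                       ("hidden bait", HIDDEN_SUMMARY_BAIT), ("benign", BENIGN)]:
        r = scan_html(page)
        print(f"{name:12s} {r['verdict']:17s} hidden={r['hidden_lure']} "
              f"clipboard={r['clipboard_write']}")
```

The scanner only sees text in the DOM, so a lure rendered as an image, or one that hides content via an external stylesheet rather than inline styles, will slip past it; treat it as one signal in a proxy or URL-scanning pipeline rather than a verdict on its own.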