
State-sponsored hackers embrace ClickFix social engineering tactic

April 21, 2025

Bleeping Computer reports:

ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns.

ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown fake error messages that claim a document or download failed.

Victims are then prompted to click a “Fix” button, which instructs them to run a PowerShell or command-line script, leading to the execution of malware on their devices.

Read more at Bleeping Computer.

In February, Microsoft Threat Intelligence reported that it had observed North Korean state actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a then-new tactic: tricking targets into running PowerShell as an administrator and then pasting and running code provided by the threat actor.