New Interlock RAT Variant Distributed via FileFix Attacks
securityweek
A new version of the Interlock ransomware group’s RAT is being distributed via compromised websites using a variant of the ClickFix attack, security researchers warn.
A social engineering technique, ClickFix relies on malicious code injected into web pages to trick visitors into executing malicious code on their systems under the disguise of performing an update, resolving an error, or verifying they are humans.
FileFix is a variant of the attack in which a prompt notifies the user that a file has been shared with them, and a fake ‘Open File Explorer’ button on the page automatically launches File Explorer and copies PowerShell code to the clipboard.
The victim is then instructed to find the shared file using File Explorer’s address bar by pasting the file’s path and pressing Enter. This, however, leads to the execution of a malicious file, as security researcher mr.d0x reported.
Starting May ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE