Summary: Cybersecurity researchers have raised alarms over a sophisticated phishing campaign employing the ClickFix technique and leveraging the Havoc command-and-control framework. By utilizing a SharePoint site to mask malware delivery, threat actors are executing a series of malicious scripts to compromise victims’ systems. The campaign also highlights ongoing exploitation of Google Ads policies to mislead users searching for legitimate support services, particularly targeting PayPal customers.
Affected: Organizations using Microsoft services and PayPal customers
Keypoints:
- Phishing emails with an HTML attachment initiate the attack by prompting users to execute a PowerShell command.
- The PowerShell script downloads additional malicious components from a SharePoint server, including a Python interpreter and shellcode loader.
- Exploitation of Google Ads allows scammers to impersonate trusted websites and deceive users into providing sensitive information.
Source: https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
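
The chain in the first two keypoints (a user-run PowerShell command that pulls components from SharePoint, followed by a Python interpreter) can be hunted in process-creation telemetry. The following is an added example, not taken from the source article: the event field names, the `sharepoint.com` URL pattern, the assumption that the interpreter runs as a child of the PowerShell process, and the 10-minute window are all assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: SharePoint Online host names; extend the pattern for on-premises sites.
SHAREPOINT_URL = re.compile(r"https?://[\w.-]+\.sharepoint\.com/\S*", re.I)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PYTHON = {"python.exe", "pythonw.exe"}

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_chains(events, window=600):
    """Return (host, powershell_pid, python_pid) for every PowerShell process whose
    command line referenced a SharePoint URL and which then started a Python
    interpreter on the same host within `window` seconds."""
    fetchers = defaultdict(dict)  # host -> {powershell pid: start time}
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        image = basename(ev["image"])
        if image in POWERSHELL and SHAREPOINT_URL.search(ev["cmdline"]):
            fetchers[ev["host"]][ev["pid"]] = ev["time"]
        elif image in PYTHON:
            started = fetchers[ev["host"]].get(ev["ppid"])
            if started is not None and ev["time"] - started <= window:
                hits.append((ev["host"], ev["ppid"], ev["pid"]))
    return hits

def ev(host, time, pid, ppid, image, cmdline):
    return {"host": host, "time": time, "pid": pid, "ppid": ppid,
            "image": image, "cmdline": cmdline}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PY = r"C:\Users\Public\placeholder\pythonw.exe"
URL = "https://example-tenant.sharepoint.com/sites/placeholder/step2.ps1"

# Constructed sample events; hosts, paths and the URL are placeholders, not campaign indicators.
SAMPLE = [
    ev("ws-01", 100, 4100, 900, PS, f"powershell.exe -Command <fetch {URL}>"),
    ev("ws-01", 160, 4200, 4100, PY, "pythonw.exe loader.py"),      # chain: flagged
    ev("ws-02", 100, 5100, 900, PS, "powershell.exe Get-ChildItem"),
    ev("ws-02", 130, 5200, 5100, PY, "pythonw.exe build.py"),       # no SharePoint URL
    ev("ws-03", 100, 6100, 900, PS, f"powershell.exe -Command <fetch {URL}>"),
    ev("ws-03", 5000, 6200, 6100, PY, "pythonw.exe job.py"),        # outside the window
]

if __name__ == "__main__":
    for host, ps_pid, py_pid in find_chains(SAMPLE):
        print(f"{host}: powershell pid {ps_pid} -> python pid {py_pid}")
```
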