The growing ClickFix deployment strategy puts PowerShell’s IT policies on notice

Even cyber-espionage groups seem to have used the ClickFix process. In late October, an APT group tracked as UAC-0050 with a history of targeting organizations from Ukraine launched a Ukrainian-language phishing campaign that used fake notifications about shared documents to direct users to a website controlled by the attacker. The website used a combination of reCAPTCHA Phish and ClickFix to trick users into using PowerShell as part of the CAPTCHA challenge. The code released a rarely used hacker called Lucky Volunteer.

Reduction

Included in Windows by default, PowerShell is a very powerful scripting language and environment designed to simplify and perform system administration tasks. Because of its widespread use in malware attacks over the past 10 years, security products monitor for potentially malicious PowerShell invocations.

However, they tend to look at situations where PowerShell scripts are used by other processes, because that’s how PowerShell is often abused – as part of a larger chain of attacks, such as launching malicious Microsoft Word macros, or downloading and executing malware. malicious PowerShell script to extract additional payloads.


Source link