Interlock ransomware: what you need to know - "We don’t just want payment; we want accountability." The malicious hackers behind the I... https://www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know #ransomware #databreach #guestblog #interlock #clickfix #malware
"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks.
Learn more about what you need to know about Interlock in my article on the Tripwire blog.
https://www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know
TikTok staat bekend als platform voor creatieve content maar wordt nu ook gebruikt als lokaas voor cybercriminelen.
Podcast Youtube: https://youtu.be/cPADO5G5kJ0?si=7n-L01IBSzdX67DL
Podcast Spotify: https://open.spotify.com/episode/2ZcrbUvXIOfBpPuaq7VQt7?si=61ccef7960ac43c7
Artikel Cybercrimeinfo: https://www.ccinfo.nl/menu-onderwijs-ontwikkeling/cybercrime/malware/2527960_hoe-tiktok-verandert-in-een-digitale-valstrik-infostealer-malware-via-virale-video-s
Fake software activation videos on TikTok spread Vidar, StealC – Source: securityaffairs.com https://ciso2ciso.com/fake-software-activation-videos-on-tiktok-spread-vidar-stealc-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #Stealcstealer #BreakingNews #SecurityNews #hackingnews #CyberCrime #Cybercrime #ClickFix #Security #hacking #Malware #TikTok #AI
Infostealery rozprzestrzeniają się przez TikTok i technikę ClickFix – szczegóły techniczne kampanii
W ostatnich tygodniach badacze bezpieczeństwa zaobserwowali nietypową, skuteczną kampanię malware, w której cyberprzestępcy wykorzystują popularność TikToka do dystrybucji złośliwego oprogramowania typu infostealer (m.in. Vidar, StealC, Latrodectus). Atak opiera się na tzw. technice ClickFix, polegającej na nakłanianiu użytkowników do samodzielnego uruchamiania złośliwych poleceń PowerShell. Poniżej przedstawiamy szczegółową analizę tej kampanii oraz...
Ich weiß ja nicht, wo ihr euch so herumtreibt, aber das könnte eventuell wichtig sein.
Another good deep dive into how some of these #ClickFix campaigns work, with #ioc included
From: @VirusBulletin
https://infosec.exchange/@VirusBulletin/114556477032851770
State-sponsored threat actors often leverage techniques first developed and deployed by cybercriminal actors. One example is #ClickFix, a highly effective technique that involves clever #socialengineering.
Listen as Proofpoint threat research experts Selena Larson, Sarah Sabotka, and Saher Naumaan deep dive into how modern #espionage and #cybercrime are increasingly blurring lines.
Stream DISCARDED now:
Apple Podcasts: https://brnw.ch/21wSNbM
Spotify: https://brnw.ch/21wSNbL
Web player: https://brnw.ch/21wSNbN
Reposting this since the first go-round coincided with some hosting trubz.
Here's a quick review of some of the easy wins against #ClickFix!
I think I have a nice compromise #ClickFix ...fix for those places that just can't live without some Explorer niceties.
There is an alternative to the "Disable Windows shortcuts" GPO, which not only disables Win+ shortcuts, but also things like using UNC paths in the Explorer address bar.
Of course, Geoff Chappell lights the way.
I believe that GPO applies the REST_NORUN reg key and not REST_NOWINKEYS policies—despite the name.
If I apply the REST_NORUN reg setting directly, I get the same behavior as the GPO. The popup pictured here appears.
But if I instead set the REST_NOWINKEYS dialog, the Win+R shortcut is disabled, but other stuff (like UNC paths in explorer) still works! Now, this doesn't remove the Run command from the start menu, but it is at least a safety. Oh and one more thing: because that shortcut is now unregistered, you can register it yourself for something like a lil daemon that pops a message box saying Hey did a website tell you to do this? Don't!
You can try both settings.
REST_NORUN: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
REST_NOWINKEYS: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys
UPDATE: You can additionally disable only Win+R by setting HKEY_CURRENT_USER\SOFTWARE\Microsoft\CurrentVersion\Explorer\Advanced\DisabledHotkeys to a String value containing the Win shortcuts you want to disable. So a single R will do the trick. Note this only works at the user level.
New ClickFix campaign alert! This evolving cyberattack now targets both Windows & Linux users by tricking them into running malicious console commands under the guise of “browser updates” or CAPTCHA tests. 
Currently harmless but watch out! Threat actor: APT36 (Pakistan). Stay safe & informed! 
#CyberSecurity #ClickFix #Linux #Windows #APT36 #InfoSec #TechRadar #newz
New ClickFix Attacks Target Linux: A Shift in Cyber Threat Landscape
In a surprising twist, hackers are now adapting ClickFix attacks to target Linux systems, previously dominated by Windows vulnerabilities. This development highlights the evolving tactics of cybercrim...
https://news.lavx.hu/article/new-clickfix-attacks-target-linux-a-shift-in-cyber-threat-landscape
FWIW, 100% of #ClickFix attacks I've seen have added some kind of inline comment at the end of the command string like I am not a robot to sell the ruse. Definitely worth a threat hunt on command line history.
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
![Step 1: Search for bsc-dataseed.binance[.]org on URLscan (urlscan.io). You can sign up for a URLscan account for free. The search results should contain pages from legitimate sites that have been compromised for this campaign.](https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/383/708/251/785/994/original/b41fb5810e3d780c.png "Step 1: Search for bsc-dataseed.binance[.]org on URLscan (urlscan.io). You can sign up for a URLscan account for free. The search results should contain pages from legitimate sites that have been compromised for this campaign.")
North Korea, Iran, and Russia-backed hackers are using a social engineering trick called ClickFix to run malicious code on victims’ machines.
Read: https://hackread.com/north-korea-iran-russia-hackers-clickfix-attacks/
This #threatintel research published by Proofpoint is really good. In-depth article including dozens of TTPs and IOCs related to the use of the #ClickFix social engineering technique for system compromise. Lots of detection and prevention opportunities here.
#cybersecurity
From: @threatinsight
https://infosec.exchange/@threatinsight/114355487219374694
