ClickFix Campaign Generated Via AI Delivers SmartRAT

· Published 17/06/2026 20:20 · Modified 17/06/2026 20:25

Essential information

Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
ai-generated, banana rat, banking trojan, brazil, clickfix, credential theft, fake captcha, ghostloader, powershell, qr code interception, remcos rat, smartrat, typosquatting
Related entities
9 indicators, 9 observables, 20 techniques (mitre), 4 malware, 8 others

Description

In March 2026, threat actors leveraged AI-powered website builders to create typosquatting domains impersonating a Brazilian bank. The campaign employed ClickFix techniques, presenting victims with fake CAPTCHA and BSOD screens to trick them into executing malicious commands. This delivered SmartRAT, a PowerShell-based banking trojan with capabilities including encrypted C2 communications, remote control of screen/keyboard/mouse, credential theft through keylogging and banking overlays, and QR code interception for transaction fraud. The malware establishes persistence via scheduled tasks and Windows services, and targets Brazilian financial institutions, payment platforms, and cryptocurrency exchanges. The threat actors' C2 panel contained critical authentication flaws allowing client-side bypass, suggesting deployment without adequate security review.

External references