216.73.217.19

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

· Published 18/10/2024 14:09 · Modified 21/10/2024 09:54

Export JSON

Essential information

Published
18/10/2024 14:09
Modified
21/10/2024 09:54
Tags
2024-10-18 atomic clickfix google meet infostealers macos powershell rhadamanthys social engineering stealc stealer windows
Related entities
14 techniques (mitre), 3 malware

Description

Threat actors are using fake web pages as part of the campaign to deliver targeting and systems. The attackers display fake error messages in web browsers, tricking users into executing malicious code. The campaign has expanded to impersonate various online services, including Facebook, Google Chrome, and reCAPTCHA. On , the attack deploys and stealers, while users are targeted with the . The tactic evades detection by having users manually run the malicious code. Two traffers groups, Slavic Nation Empire and Scamquerteo, are attributed to this campaign, suggesting shared materials and infrastructure.

External references