ClickFix tactic: The Phantom Meet
Essential information
- Published
- 18/10/2024 15:56
- Modified
- 18/10/2024 16:26
- Tags
- 2024-10-18 amos stealer clickfix cryptocurrency google meet infostealer phishing rhadamanthys social engineering stealc web3
- Related entities
- 171 observables, 1 intrusion sets (apt), 9 techniques (mitre), 3 malware, 1 others
Description
This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and macOS systems, spreading infostealers like Stealc, Rhadamanthys, and AMOS Stealer. The operation is linked to cybercrime groups 'Slavic Nation Empire' and 'Scamquerteo', sub-teams of larger cryptocurrency scam organizations. The report details the infection chain, infrastructure, and provides insights into the broader malware distribution ecosystem associated with these threat actors.