From ClickFix deception to information stealer deployment

Published 18/06/2025 12:27 · Modified 18/06/2025 13:00

Essential information

Published
18/06/2025 12:27
Modified
18/06/2025 13:00
Tags
2025-06-18, arechclient2, clickfix, eddiestealer, ghostpulse, infostealer, lumma, multi-stage attack, remote access trojan, social engineering
Related entities
47 observables, 11 techniques (mitre), 4 malware

Description

The article describes a surge in campaigns using to deploy Remote Access Trojans and data-stealing malware. It analyzes a that begins with , deploys loader, and ultimately delivers , a potent and . The campaign exploits user psychology, bypasses traditional defenses, and has seen increased activity in 2025. The analysis covers the infection chain, technical details of and , and the associated infrastructure. The attack targets a wide range of sensitive user data and system information, including cryptocurrency wallets, browser data, and system details.

External references