From Clipboard to Compromise: A PowerShell Self-Pwn
Essential information
- Published: 17/06/2024 11:23
- Modified: 17/06/2024 11:38
- Tags: 2024-06-17 amadey loader compromise darkgate jaskago lumma stealer malicious script malware matanbuchus netsupport powershell social engineering vidar stealer xmrig
- Related entities: 14 observables, 1 intrusion set (APT), 9 techniques (MITRE), 8 malware
Description
This intelligence report details a unique social engineering technique observed by Proofpoint researchers, in which users are induced to copy and paste malicious PowerShell scripts that infect their own computers. The threat actor TA571 and the ClearFake activity cluster employ this method to deliver malware such as DarkGate, Matanbuchus, NetSupport, and various information stealers. Although it requires significant user interaction, the social engineering is effective because it presents an apparent problem and its solution at the same time, prompting users to act without considering the risks.