Lampion Is Back With ClickFix Lures
Essential information
- Published: 06/05/2025 10:59
- Modified: 06/05/2025 15:41
- Tags: 2025-05-06, clickfix, infostealer, lampion, obfuscation, powershell, social engineering, vbscript
- Related entities: 10 observables, 1 intrusion set (apt), 15 techniques (mitre), 1 malware, 4 others
Description
A highly focused malicious campaign targeting Portuguese organizations, particularly in government, finance, and transportation sectors, has been uncovered. The campaign is linked to Lampion malware, an infostealer focusing on banking information. The threat actors have incorporated ClickFix lures, a social engineering technique that tricks victims into executing malicious commands. The infection chain involves multiple stages of obfuscated Visual Basic scripts, evasion techniques, and a complex execution method. While the final payload was not delivered in this instance, the campaign demonstrates the threat actors' adaptation and sophistication. The article emphasizes the importance of enhanced detection capabilities and provides recommendations for security practitioners to address this evolving threat.