216.73.217.139

The rising threat of social engineering through fake fixes

· Published 21/03/2025 10:33 · Modified 21/03/2025 14:46

Export JSON

Essential information

Published
21/03/2025 10:33
Modified
21/03/2025 14:46
Tags
2025-03-21 asyncrat captcha clickfix command line fake fixes phishing powershell social engineering
Related entities
4 observables, 12 techniques (mitre), 1 malware, 6 others

Description

is an emerging tactic that manipulates users into executing malicious actions under the guise of troubleshooting or system maintenance. Attackers present fake error messages, verifications, or system prompts to convince users to take actions that compromise their devices, often by manually copying and pasting malicious commands into the . This method bypasses modern security solutions by tricking users into executing commands themselves. Recent campaigns like OBSCURE#BAT and Storm-1865 have targeted various industries and regions. The attack vector has been observed in Field Effect's telemetry, with attempts to deploy and other malware. Mitigation strategies include restricting use, deploying advanced threat detection solutions, enhancing email and web filtering, training users, and maintaining up-to-date security measures.

External references