ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

ClickFix attack campaigns have evolved to use the nslookup DNS lookup command instead of previously blocked PowerShell or mshta commands to deliver ModeloRAT, a Python-based remote access Trojan targeting Windows systems. Attackers abuse DNS to smuggle payloads by parsing the 'Name:' field of DNS responses, blending malicious traffic into normal network activity. The infection chain downloads a ZIP archive, extracts a Python script, and drops a Visual Basic Script to execute the RAT. The social engineering component remains unchanged: fake CAPTCHA pages trick users into pasting malicious commands themselves. Malwarebytes advises users to slow down when prompted to run commands, avoid copy-pasting code from untrusted sources, and verify instructions through official channels.

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT