- Hunt.io researchers saw a Linux-based ClickFix attack
- At the moment, it is still harmless
- Researchers believe that a Pakistani threat actor is behind the attacks
ClickFix, a type of attack that tricks people into running console commands that download malware, thinking that they are fixing a problem, is evolving once again.
This time, cybersecurity researchers from Hunt.io said they saw the attack targeting Linux devices.
Originally, ClickFix was designed for Windows devices, but at some point it also expanded to macOS. Linux, for the most part, was spared. Until now.
ClickFix strikes Linux
ClickFix works in a simple way: a website is compromised and used to show a popup. This popup usually tells the visitor that they need to “update” their browser to see the content, or to confirm that they are human.
For that “update” or “verification” process, the user needs to copy a command to the clipboard, paste it, and run it. This may look like a stretch, but it is relatively successful, as many cybersecurity companies are warning about new ClickFix campaigns left and right.
Hunt.io attributed the new wave of attacks to a Pakistani threat actor named APT36, or Transparent Tribe. It uses a fake Ministry of Defense website, which has a link to a fake press release. When a victim tries to navigate to the press release, the site analyzes their OS and then redirects them to the matching attack flow.
For Linux, victims are redirected to a CAPTCHA page that copies a shell command to the clipboard when they click the “I am not a robot” button. They are then asked to press Alt+F2 to bring up the Linux run dialog, paste the command, and run it.
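A detection example for the Linux flow described above, added here and not taken from Hunt.io's research: it flags processes that were started from a desktop run dialog and fetch something from the network. The event records are constructed, and the field names and the list of run-dialog parent processes are assumptions about a generic process-execution log and common desktops.

```python
import re
import shlex

# Assumption: desktop components that serve the Alt+F2 run dialog.
RUN_DIALOG_PARENTS = {"gnome-shell", "krunner", "plasmashell", "xfce4-appfinder"}
FETCH_TOOLS = {"curl", "wget"}
SHELLS = {"sh", "bash", "dash", "zsh"}

def tokens(cmdline):
    """Split a command line into words; fall back to whitespace on bad quoting."""
    try:
        return shlex.split(cmdline)
    except ValueError:
        return cmdline.split()

def fetches_from_network(cmdline, depth=0):
    """True if the command, or a script passed via `sh -c`, runs a fetch tool."""
    words = tokens(cmdline)
    if not words:
        return False
    prog = words[0].rsplit("/", 1)[-1]  # strip any directory prefix
    if prog in FETCH_TOOLS:
        return True
    if prog in SHELLS and "-c" in words[1:] and depth < 3:
        i = words.index("-c")
        script = words[i + 1] if i + 1 < len(words) else ""
        # Check every command in the inline script (split on ; & | separators).
        return any(fetches_from_network(part, depth + 1)
                   for part in re.split(r"[;&|]+", script))
    return False

def flag_run_dialog_downloads(events):
    """Return events where a run-dialog parent spawned a network fetch."""
    return [e for e in events
            if e["parent"] in RUN_DIALOG_PARENTS and fetches_from_network(e["cmdline"])]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "gnome-shell", "cmdline": "firefox"},
    {"pid": 4177, "parent": "gnome-shell",
     "cmdline": 'sh -c "cd /tmp && curl -s -O https://example.invalid/image.jpg"'},
    {"pid": 4203, "parent": "bash",
     "cmdline": "curl -O https://example.invalid/release.tar.gz"},
    {"pid": 4250, "parent": "krunner",
     "cmdline": "/usr/bin/wget https://example.invalid/pic.jpg"},
]

if __name__ == "__main__":
    for event in flag_run_dialog_downloads(SAMPLE_EVENTS):
        print("suspicious run-dialog download:", event["pid"], event["cmdline"])
```

Downloads started from an interactive terminal (pid 4203 in the sample) are deliberately not flagged, because the rule keys on the run dialog as the parent process.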
The good news is that the attack was spotted while still in the experimental stage, which means that it has not done significant damage yet. Apparently, all the shell command does is download a harmless JPEG file. However, things can turn sour at any point.
“Any additional activity, such as perseverance mechanisms, lateral movement or outbound communication, was seen during execution,” the researchers explained.
Via BleepingComputer