CyberSecurityBoard
Sponsor Register Login

Hackers now testing ClickFix attacks against Linux targets

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. However, it is possible that APT36 is currently experimenting to determine the effectiveness of the Linux infection chain, as they would just need to swap out the image for a shell script to install malware or perform other malicious activity. These attacks have traditionally targeted Windows systems, prompting targets to execute PowerShell scripts from the Windows Run command, resulting in info-stealer malware infections and even ransomware. The command drops the 'mapeal.sh' payload on the target's system, which, according to Hunt.io, does not perform any malicious actions in its current version, limited to fetching a JPEG image from the attacker's server. ClickFix is a social engineering tactic where fake verification systems or application errors are used to trick website visitors into running console commands that install malware. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Clicking on 'Continue' triggers JavaScript that copies a malicious MSHTA command to the victim's clipboard, who is instructed to paste and execute it on the Windows terminal. A more recent campaign spotted by Hunt.io researchers last week is among the first to adapt this social engineering technique for Linux systems. The attack, which is attributed to the Pakistan-linked threat group APT36 (aka "Transparent Tribe"), utilizes a website that impersonates India's Ministry of Defence with a link to an allegedly official press release. The victim is then guided to press ALT+F2 to open a Linux run dialog, paste the command into it, and then press Enter to execute it. The adaptation of ClickFix to carry out attacks on Linux is another testament to its effectiveness, as the attack type has now been used against all three major desktop OS platforms. When visitors click on this website link, they are profiled by the platform to determine their operating system, and then redirected to the correct attack flow.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 12 May 2025 18:14:53 +0000


Cyber News related to Hackers now testing ClickFix attacks against Linux targets

Microservices Resilient Testing Framework - As organizations increasingly embrace the microservices approach, the need for a resilient testing framework becomes important for the reliability, scalability, and security of these distributed systems. From preemptive problem-solving to the ...
1 year ago Feeds.dzone.com
How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages - Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual testing provides human insight, ensuring comprehensive coverage for robust development. In the domain of software ...
1 year ago Hackread.com
How to do Penetration Testing effectively - In today's digital era, penetration testing has become crucial to an organisation's cybersecurity strategy. From network penetration testing to web application and mobile app penetration testing, a comprehensive pen test covers a wide range of attack ...
1 year ago Securityboulevard.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
2 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
Interlock ransomware gang pushes fake IT tools in ClickFix attacks - The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. Though this isn't the first time ClickFix has been linked to ransomware infections, ...
1 month ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
How to Use Pen Testing to Find Vulnerabilities - One effective method for conducting an information security audit is through penetration testing. The contractor would conduct thorough testing and provide detailed penetration reports, complete with recommendations for safeguarding corporate data. ...
1 year ago Feeds.dzone.com
State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
1 month ago Cybersecuritynews.com Kimsuky MuddyWater
Hackers now testing ClickFix attacks against Linux targets - A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. However, it is possible that APT36 is currently experimenting to ...
2 weeks ago Bleepingcomputer.com Transparent Tribe APT3
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Application Security Testing Explained - That's precisely why application security is a top priority for security teams and a crucial consideration for DevOps. Application security testing is like giving your software a thorough health check to ensure it's robust and resilient against cyber ...
1 year ago Securityboulevard.com
Conducting Penetration Testing - CISO’s Resource Guide - By taking a proactive, business-aligned approach, CISOs can transform penetration testing from a compliance exercise into a powerful tool for resilience and competitive advantage, ensuring their organizations are prepared for the future. By embedding ...
1 month ago Cybersecuritynews.com
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
2 months ago Cybersecuritynews.com
Product showcase: ImmuniWeb AI Platform - ImmuniWeb is a global application security company that currently serves over 1,000 customers from more than 50 countries. ImmuniWeb AI Platform has received numerous prestigious awards and industry recognitions for intelligent automation and ...
1 year ago Helpnetsecurity.com
North Korean hackers adopt ClickFix attacks to target crypto firms - Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, from which the North Korean threat actors recently stole a ...
2 months ago Bleepingcomputer.com
State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
1 month ago Bleepingcomputer.com APT28 Kimsuky MuddyWater
MDR vs. Traditional Security Operations: What’s Right For Your Penetration Testing Team? - By understanding the technical differences between traditional security operations and MDR, penetration testing teams can make informed decisions that enhance their ability to protect against modern cyber threats. Choosing between traditional ...
1 month ago Cybersecuritynews.com
What is App Security? SAST, DAST, IAST, and RASP. - Effective application security relies on well-defined processes and a diverse array of specialized tools to provide protection against unauthorized access and attacks. Security testing is a critical part of an application security strategy and should ...
1 year ago Feeds.dzone.com
How AI is revolutionizing "shift left" testing in API security - Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. For developers who are not security experts, fixing code or knowing business logic abuse possibilities can be ...
1 year ago Helpnetsecurity.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
1 year ago Techtarget.com
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint - A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. Threat actors have also begun to evolve the ...
2 months ago Bleepingcomputer.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28
ClickFix attack delivers infostealers, RATs in fake Booking.com emails - Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. In the phishing campaign discovered by ...
2 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)