A sophisticated banking trojan known as Lampion has resurfaced with an evolved attack strategy, now exploiting fake ClickFix utility lures to harvest sensitive banking credentials from unsuspecting victims. This banking malware, first identified in late 2019, has undergone significant modifications to enhance its effectiveness in compromising financial data across multiple European banking institutions. The latest campaign demonstrates the malware operators’ continued adaptation and refinement of social engineering techniques to maximize infection rates.

The current distribution method leverages fraudulent emails impersonating legitimate software update services, specifically mimicking a fictitious utility called “ClickFix” that purportedly resolves browser compatibility issues. These phishing emails contain malicious attachments or links directing victims to download what appears to be a browser repair tool but instead delivers the Lampion payload. According to the findings, the campaign primarily targets banking customers in Portugal, Spain, and other European regions with customized lures in various languages.

The infection chain begins when users download the fake ClickFix utility, which executes a highly obfuscated VBScript that establishes persistence through registry modifications. Once executed, the malware begins its covert operation to harvest banking credentials, credit card information, and other sensitive financial data from compromised systems. The malware then deploys advanced hooking techniques to intercept banking sessions while remaining undetected. Analysis of the campaign revealed sophisticated obfuscation techniques designed to bypass traditional security solutions while maintaining persistent access to infected systems.

The financial impact of this campaign has been substantial, with numerous victims reporting unauthorized transactions following infection. Banking institutions have been forced to implement additional security measures while working with cybersecurity teams to mitigate ongoing threats. The widespread nature of these attacks highlights the continuing evolution of financial malware as a persistent threat to both individual consumers and financial organizations.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 16:44:58 +0000