Found a new way to release payload

A new payload "ClickFix" has been found lurking in the web browser's cache.

ClickFix may be a familiar name at this time because it is the name of a crash screen or fake Error to trick a victim into installing malware, but this name is so famous that it is used as a new malware or payload release method that may have something similar to ClickFix that many people are familiar with but not quite.

According to a report by the website Cyber Press, the detection of a new Payload slack tool called ClickFix by an independent research team from Dark Web Informer says that this new method is different from the original ClickFix scam. While it is also a fraudulent error display, the user will only click one click. It will immediately drop the payload from the cache of the web browser to install malware on the machine. This method can be used by hackers who release the tool via an underground web board. It boasts that it will make the Endpoint Detection and Response undetectable because the tool will only see the remains of the remaining files.

In that use, hackers send fraudulent links to the victim, deceiving that the web browser needs to be updated urgently. If the victim presses the link, a pop up screen appears, or a short cut, "Click to Fix Cache Error," to deceive that the web browser's cache has a problem. It must be pressed to correct it. After pressing this appearance, the script will start working in the background to gradually download a payload with only a few kilobytes (KB) of files from the hacker's designated website, which cannot be detected from the hacker. The protection system is placed in the web browser cache folder, such as Chome's, it is the Data / Default / Cache folder, etc., and will rename the file as a temporary file to deceive the victim, such as "cache _ 001.dat."

After that, to run malware without needing to write a file or paste a file into the system folder (System), the malware will also use a smooth command with the file Explorer's exe file. Using the "explore.exe / root, CacheFolder: RunPayload," it can be smooth with the file Explorer process. There is nothing wrong with it. It cannot be detected with the CrowdStrike or Microsoft Defender malware behavior detector. After the malware can be successfully embedded on the machine, the malware can perform a variety of operations, such as data theft, backdoor opening. Or even embedding malware for ransom (Ransomware) can do the same.

This malware is sold on an underground web board with a starting price of US $300 (9,486.75 baht). The buyer will receive a package consisting of source code in JavaScript and PowerShell, a GUI-based Builder, an instruction manual, and a ready-to-use scam template. If the buyer pays an additional US $200 (6,324.20 baht), the buyer can modify the page for phishing victim scams, copying companies. The seller will send the page for Encrypted links. Get Lifetime Update

# Trending # Lemon 8 Howtoo # Drug sign with lemon8 # lemon 8 diary # freedomhack