cybercriminals Archives

Tech Optimizer

June 27, 2025

ClickFix fake error message malware spikes over 500%, takes second place as the most abused attack vector

The ClickFix attack vector has increased by 517% since the latter half of 2024, becoming the second most exploited method for cyberattacks, following phishing. Hackers are using ClickFix to deploy various infostealing malware, including Lumma Stealer, VidarStealer, StealC, and Danabot. The ClickFix mechanism involves a counterfeit reCAPTCHA that misleads users into executing harmful Powershell commands. This method is primarily spread through phishing emails directing users to fraudulent websites. ESET’s Threat Report indicates that SnakeStealer has surpassed Agent Tesla as the most frequently detected infostealer, targeting businesses in the US and EU for credential theft. The ransomware landscape has been disrupted by internal conflicts among groups, with DragonForce launching defacement campaigns against other ransomware entities. On mobile devices, Kaleidoscope infections have caused a 160% increase in Android adware detections, and the SparkKitty malware has been found in both the Apple App Store and Google Play Store. Kaleidoscope generates revenue through intrusive ads while infecting devices with a malicious app from third-party stores.

Winsage

June 26, 2025

Researchers Demonstrate Windows Registry Manipulation via C++ Program

Cybersecurity researchers have developed a C++ program that demonstrates how attackers manipulate the Windows Registry to establish persistence, evade security measures, and alter system behavior. The Windows Registry is a database for system, application, and user settings, making it a target for malware. Key tactics include: - Persistence: Malware adds entries to auto-start locations to survive system reboots. - Evasion: Attackers modify security-related keys to circumvent defenses. - Privilege Escalation: Weak permissions on service keys can allow redirection of execution paths. The C++ program uses Windows API functions to create or modify registry keys, simulating real-world malware tactics. Key functions include: - RegCreateKeyEx: Opens or creates a registry key. - RegSetValueEx: Writes a value into the specified key. Red teamers use such code to simulate threats, focusing on persistence, configuration tampering, and payload storage. Blue teams can mitigate risks through monitoring, restricting permissions, and endpoint detection. The demonstration emphasizes the importance of ethical testing practices and the need for proactive registry monitoring and least-privilege access controls in cybersecurity.

Winsage

June 25, 2025

New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe

Researcher mr. d0x has introduced a new variant of the ClickFix social engineering tool called FileFix, which uses the Windows File Explorer address bar as its interface to deceive users into executing harmful commands. FileFix targets corporate employees and employs familiar elements like reCAPTCHA prompts or error messages to spread malware, including infostealers and ransomware. The method integrates malicious commands directly into Windows File Explorer, enhancing its effectiveness by utilizing the environment users are comfortable with. The phishing scheme includes a deceptive ‘Open Fixe Explorer’ button that activates File Explorer and copies a PowerShell command to the clipboard, initially displaying a fake path in the address bar. ClickFix tactics are effective because they manipulate victims into compromising their own security, often exploiting urgency and existing online behaviors. Users are advised to be cautious of verification pop-ups and requests to open command windows, and to share this knowledge to help others navigate safely.

Winsage

June 25, 2025

New FileFix Exploit Uses Windows File Explorer to Run Malicious Commands

A newly identified exploit called "FileFix" manipulates Windows File Explorer to execute harmful commands while remaining within a web browser. Developed by security researcher mr.d0x, it builds on the ClickFix social engineering attack. FileFix uses the file upload feature on websites, prompting users to copy a malicious PowerShell command disguised as a file path. When users paste this path into the File Explorer address bar, it executes the command without their knowledge. The attack exploits familiar workflows, bypassing user skepticism and does not require elevated privileges or complex malware. Security experts warn that FileFix could enable the delivery of infostealers, ransomware, or other malware, posing a significant risk to individuals and organizations. Users are advised to be cautious of instructions to copy and paste file paths from unfamiliar sources, monitor for suspicious processes initiated by browsers, and keep security software updated.

AppWizard

June 25, 2025

Minecraft’s New Villains—This Hostile Mob Steals Everything

Cyber criminals are targeting Minecraft's player base, particularly the 65% of players under 21, who are often less aware of cyber threats. A recent report from Check Point reveals a sophisticated malware campaign that embeds malicious software in counterfeit Minecraft mods shared on platforms like GitHub. This malware operates in stages, starting with a Java downloader, followed by a stealer, and an advanced tool to harvest sensitive information such as passwords and cryptocurrency wallet details. The campaign is linked to Russian-speaking attackers and uses a distribution-as-a-service model to spread malicious links. Disguised as legitimate cheat tools, these files install additional malware on users' devices, capturing credentials from browsers and applications, and sending data back to attackers. To protect against these threats, it is advised to download mods only from trusted sources, be skeptical of cheat tools, keep antivirus software updated, and be cautious of offers that seem too good to be true.

Winsage

June 24, 2025

FileFix attack weaponizes Windows File Explorer for stealthy commands

A cybersecurity researcher named mr.d0x has introduced a new attack method called FileFix, which is a variant of the ClickFix social engineering attack. FileFix allows malicious actors to execute harmful commands on a victim's system through the Windows File Explorer address bar, rather than using the traditional method of pasting commands into PowerShell. The attack still relies on a phishing page, which masquerades as a notification about a shared file, prompting users to paste a path into File Explorer. Attackers can conceal the malicious PowerShell command by embedding it within a dummy file path in a comment, making it invisible in the address bar. Mr.d0x has also implemented measures in the proof-of-concept code to prevent users from selecting files during the attack. The ClickFix method has been effective in deploying malware, including ransomware and state-sponsored operations, with notable examples involving the North Korean hacker group Kimsuky and cybercriminals impersonating Booking.com. FileFix represents an evolution in phishing attacks by providing a more user-friendly interface for executing commands.

AppWizard

June 22, 2025

Minecraft players target of online criminals posing as coders, why it’s a big concern and how can gamers stay safe

The gaming community surrounding Minecraft is facing a threat from cybercriminals posing as game developers, who are deploying malware to extract sensitive information from users. Investigations by Check Point have identified two malware strains linked to Russian criminal organizations on GitHub. The malware targets data from bank accounts, cryptocurrency wallets, and web browsers, with evidence suggesting involvement of Russian-speaking threat actors. Graeme Stewart from Check Point compared the tactics of these cybercriminals to organized retail theft, emphasizing their focus on financial gain. The malware is triggered when users download malicious code disguised as game modifications, leading to the theft of personal information from approximately 1 million players who engage in game modifications. To stay safe, gamers are advised to use strong passwords, update software, monitor account activity, limit personal information shared online, avoid public Wi-Fi, back up account information, and download games from reputable sources.

Winsage

June 18, 2025

It’s time to update Asus Armoury Crate, folks—the latest vulnerability could allow hackers to compromise your Windows OS

A newly discovered vulnerability in Asus Armoury Crate, identified as CVE-2025-3464, has a severity rating of 8.4 out of 10 and allows hackers to gain low-level privileges on Windows systems. The affected versions of Armoury Crate range from V5.9.9.0 to V6.1.18.0. Researcher Marcin "Icewall" Noga from Cisco Talos highlighted this issue, prompting Asus to issue a product security advisory. Users are advised to verify their version of Armoury Crate and update to the latest version if necessary. No incidents of this exploit being actively used have been reported thus far. This is the second vulnerability found in an Asus utility within two months, following a separate issue with DriverHub reported in May.

Tech Optimizer

June 17, 2025

Novel Lyrix ransomware sets sights on Windows systems

Freedman HealthCare experienced a significant data breach involving 52.4 GB of sensitive data and 42,204 files, allegedly compromised by the hacking group World Leaks, also known as Hunters International. The group has threatened to release the compromised information by Tuesday morning.

Winsage

June 15, 2025

Windows 11 upgrade workarounds might not be safe

Microsoft will cease providing security updates, bug fixes, and technical support for Windows 10 on October 14, 2025. Users can consider several options: 1. Upgrade to Windows 11 if their PCs meet compatibility criteria. 2. Replace their computer with a new one that comes pre-installed with Windows 11. 3. Use an unofficial workaround to install Windows 11 on unsupported hardware, though this carries risks. 4. Pay for Extended Security Updates (ESUs) after the deadline, primarily aimed at business customers.