Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    I’m suddenly not loving my UK shares like I used to

    July 17, 2026

    Taco Bell lettuce linked to diarrhea-causing cyclosporiasis outbreak

    July 17, 2026

    Global stocks drop on growing semiconductor rout; oil set for weekly gain By Reuters

    July 17, 2026
    Facebook X (Twitter) Instagram
    Addison Markets
    • Home
    • USA
    • Europe
    • Business
    • Investing
    • Tech
    • Politics
    • Contact Us
    Addison Markets
    Home»Tech»Now, even Russia’s most elite hackers are using Clickfix to infect devices
    Tech

    Now, even Russia’s most elite hackers are using Clickfix to infect devices

    franperez66q@protonmail.comBy franperez66q@protonmail.comJuly 17, 2026No Comments2 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email



    One of the Russian government’s most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices belonging to sensitive organizations in Ukraine, the latter country’s CERT center is warning.

    Clickfix has emerged as an effective attack technique that attackers, primarily financially motivated criminals, began using in the last year or so. Websites under the control of the attackers display a CAPTCHA that requires the visitor to copy a jumble of text and paste it into the terminal. The text contains scripts that, once entered, perform malicious actions, typically by installing malware or exfiltrating sensitive data. Ukraine’s CERT said Wednesday that Sandworm, an advanced hacking unit inside the GRU, Russia’s military intelligence arm, is now using the technique.

    “GhettoVibe,” “ScoutCurl,” and many more

    The Clickfix attacks began in the spring and have continued through the summer. The campaign has resulted in the network compromise of at least one organization when a connected device was found to be infected by FreakyPoll, the name of one of Sandworm’s custom malware packages. Ukrainian authorities discovered 10 compromised websites that displayed a PowerShell command as part of a fake CAPTCHA that said it had to be passed to ensure a real human was behind the visiting device’s keyboard.

    Once the user entered the script, it could install malicious Visual Basic scripts and other malicious wares that went on to install a variety of Sandworm malware. Typically, the first malware to run was a reconnaissance program that gathered information from the infected device. Machines deemed important would then receive follow-on malware that backdoored the system.

    “The command, as an example, could be intended to load and save a VBS file in the Startup directory,” a translated version of Tuesday’s advisory stated. “One of the variants of such a program was called GHETTOVIBE. At the next stage, in order to determine the importance of the cyberattack object, the SCOUTCURL software tool can be loaded onto the attacked computer, which is a PowerShell script that performs basic reconnaissance by collecting and exfiltrating information about the computer: basic characteristics, programs, files, Internet browser data, etc.”



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    franperez66q@protonmail.com
    • Website

    Related Posts

    Linus Torvalds to critics of AI coding in Linux: “Fork it. Or just walk away.”

    July 17, 2026

    U.S.-China AI feud sees ASML on tightrope between sales, geopolitics

    July 17, 2026

    China’s Moonshot AI unveils Kimi K3 model it says rivals OpenAI, Anthropic

    July 17, 2026

    2026 Toyota RAV4 plug-in: Big battery means daily drives are all-electric

    July 17, 2026

    Trump teleprompter aide made $100,000 betting on what Trump would say, reports say

    July 17, 2026

    Xi pitches China as AI partner to developing world, warns against risks and security overreach

    July 17, 2026
    Leave A Reply Cancel Reply

    Top Reviews
    Editors Picks

    I’m suddenly not loving my UK shares like I used to

    July 17, 2026

    Taco Bell lettuce linked to diarrhea-causing cyclosporiasis outbreak

    July 17, 2026

    Global stocks drop on growing semiconductor rout; oil set for weekly gain By Reuters

    July 17, 2026

    Linus Torvalds to critics of AI coding in Linux: “Fork it. Or just walk away.”

    July 17, 2026
    © 2026 All right reserved
    • Privacy Policy
    • Terms & Conditions

    Type above and press Enter to search. Press Esc to cancel.