From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques
By John Hammond, Alden Schmidt, Lindsey Welch During the past fifteen business days, Huntress analysts have observed increased threat activity involving several notable techniques. One case involved a malicious AnyDesk installer, which initially mimicked a standard ClickFix attack through a fake Cloudflare verification page but then utilized Windows File Explorer and an MSI package masked as a PDF to deploy MetaStealer malware. Additionally, two incidents involving the Cephalus ransomware vari