A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.
A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to halt.
In a new campaign first spotted in December and tracked by researchers at Securonix as "PHALT#BLYX," phishing emails impersonating Booking.com lead to a ClickFix social engineering attack that deploys malware.
ClickFix attack impersonated BSOD crashes
ClickFix social engineering attacks use webpages designed to display an error or issue and then offer "fixes" to resolve it. These could be fake error messages, security warnings, CAPTCHA challenges, or update notices that instruct visitors to run a command on their computer to fix the issue.
Victims end up infecting their own machines by running malicious PowerShell or shell commands provided in the attacker's instructions.
In this new ClickFix campaign, attackers send phishing emails, typically to a hospitality firm, that impersonate a hotel guest cancelling their Booking.com reservation. The claimed refund amount is significant enough to create a sense of urgency for the recipient of the email.
Fake Booking.com reservation cancellation alert
Source: Securonix
Clicking the link in the email takes the victim to a fake Booking.com website hosted on 'low-house[.]com,' which Securonix characterizes as a "high-fidelity clone" of the real Booking.com site.
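The mismatch described above, a message that invokes Booking.com while its link points at an unrelated host, can be checked at the mail gateway. The following is an added example, not code from Securonix or the article; the `BRAND_DOMAINS` allowlist, the function names and the sample message (which uses reserved `.example` hosts) are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: registrable domains the impersonated brand really uses.
BRAND_DOMAINS = {"booking.com": {"booking.com"}}

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def link_host(url):
    # hostname drops userinfo and port: "booking.com@evil.example" -> evil.example
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs(host, domains):
    # Exact match or true subdomain; "booking.com.evil.example" does not qualify.
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_email):
    msg = message_from_string(raw_email)
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    text = f"{msg.get('Subject', '')} {msg.get('From', '')} {body}".lower()
    parser = _Links()
    parser.feed(body)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text:  # only judge links when the message invokes the brand
            hosts = map(link_host, parser.hrefs)
            findings += [(brand, h) for h in hosts if h and not belongs(h, domains)]
    return findings

# Constructed sample message; hosts use the reserved .example TLD.
SAMPLE = """From: "Booking.com" <noreply@mail.example>
Subject: Reservation cancelled - refund pending
Content-Type: text/html; charset=utf-8

<p>A guest cancelled their Booking.com reservation.</p>
<a href="https://booking.com.refunds.example/details">See details</a>
<a href="https://admin.booking.com/help">Help</a>
"""
```

Calling `suspicious_links(SAMPLE)` reports the lookalike host and leaves the genuine subdomain alone; a finding is a triage signal for quarantine or user warning, not proof of phishing.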