Now, even Russia's most elite hackers are using Clickfix to infect devices
Summary
A top Russian government hacking group called Sandworm, linked to Russia’s military intelligence, is using a new trick called Clickfix to infect computers and steal information in Ukraine. This method tricks users into copying fake CAPTCHAs containing harmful scripts that install malware to spy on or control the device.Key Facts
- Sandworm is an elite Russian hacking group tied to military intelligence (the GRU).
- They use Clickfix, which shows fake CAPTCHAs that ask users to copy text that contains malicious commands.
- Once entered, the commands install malware that collects data or opens backdoors for more attacks.
- At least one Ukrainian organization was infected with malware named FreakyPoll during this campaign.
- The malware includes reconnaissance tools named GhettoVibe and ScoutCurl that gather information from infected devices.
- Other malware used includes FluidLeech (pretending to be antivirus software) and LoadLoop.
- Sandworm also targets Android phones by tricking users into installing harmful apps called CowardDuck.
- Ukraine’s CERT warned that the attackers alter web pages dynamically using special programs to show these fake CAPTCHAs.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.