Found 6 bookmarks
Hackers now testing ClickFix attacks against Linux targets
A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible.

ClickFix is a social engineering tactic where fake verification systems or application errors are used to trick website visitors into running console commands that install malware. These attacks have traditionally targeted Windows systems, prompting targets to execute PowerShell scripts from the Windows Run command, resulting in info-stealer malware infections and even ransomware. However, a 2024 campaign using bogus Google Meet errors also targeted macOS users.

ClickFix targeting Linux users

A more recent campaign spotted by Hunt.io researchers last week is among the first to adapt this social engineering technique for Linux systems. The attack, which is attributed to the Pakistan-linked threat group APT36 (aka "Transparent Tribe"), utilizes a website that impersonates India's Ministry of Defence with a link to an allegedly official press release.
Source: bleepingcomputer.com
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that included "highly obfuscated code" for retrieving remote payloads and executing them.

Complete disk destruction

The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload, a Bash script named done.sh, runs a 'dd' command for the file-wiping activity. Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute.

An analysis from supply-chain security company Socket shows that the command overwrites every byte of data with zeroes, leading to irreversible data loss and system failure. The target is the primary storage volume, /dev/sda, which holds critical system data, user files, databases, and configurations.

"By populating the entire disk with zeros, the script completely destroys the file system structure, operating system, and all user data, rendering the system unbootable and unrecoverable" - Socket

The researchers discovered the attack in April and identified three Go modules on GitHub that have since been removed from the platform:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
Source: bleepingcomputer.com