Summary

  • Unit 42 researchers recently uncovered a targeted campaign, originating in Brazil, that uses multiple, highly obfuscated Visual Basic scripts as part of the infection chain.
  • This campaign has targeted dozens of Portuguese organizations, with a particular focus on the government, finance and transportation sectors —ually using the Lampion malware that focuses on sensitive banking information.
  • The initial infection vector in this campaign is a ClickFix lure, a technique that manipulates the victim into running a malicious command that infects their machine.
  • The ClickFix technique is becoming increasingly prevalent and poses a significant risk because awareness of it remains low.
  • Unit 42 researchers recommend proactive measures to address this evolving threat, coupled with enhanced detection capabilities to identify complex and obfuscated threats.

By Noa Dekel
