Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersonate various online services, including Facebook, Google Chrome, and reCAPTCHA. On Windows, the attack deploys the StealC and Rhadamanthys stealers, while macOS users are targeted with the Atomic stealer. The tactic evades detection by having users manually run the malicious code. The campaign is attributed to two traffer groups, Slavic Nation Empire and Scamquerteo, which suggests shared materials and infrastructure.

OPENCTI LABELS:

powershell, stealer, macos, social engineering, stealc, windows, rhadamanthys, infostealers, clickfix, google meet, atomic

