ClickFix tactic: The Phantom Meet

SUMMARY :

This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and macOS systems, spreading infostealers like Stealc, Rhadamanthys, and AMOS Stealer. The operation is linked to cybercrime groups 'Slavic Nation Empire' and 'Scamquerteo', sub-teams of larger cryptocurrency scam organizations. The report details the infection chain, infrastructure, and provides insights into the broader malware distribution ecosystem associated with these threat actors.

OPENCTI LABELS :

phishing,social engineering,stealc,infostealer,cryptocurrency,rhadamanthys,clickfix,web3,amos stealer,google meet


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


ClickFix tactic: The Phantom Meet