• ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
Article Summaries:
- ClickFix exploits DNS lookup command to deliver ModeloRAT, adapting to modern defenses
Cybersecurity researchers report that the threat actor ClickFix has introduced a new delivery method that leverages the Windows DNS lookup command to install ModeloRAT, a remote-access trojan. By embedding the DNS query within legitimate-looking scripts, the campaign bypasses many endpoint protection systems and tricks users into executing the payload on their own machines. The technique represents a shift toward more sophisticated infection vectors based on tricking the user, allowing ClickFix to maintain persistence and data-exfiltration capabilities even as security controls evolve. The move underscores the need for vigilant monitoring of anomalous DNS activity and for user education about suspicious scripts.
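One way to act on the monitoring advice above at the endpoint, as an added example that is not from the article or the researchers it cites: triage process-creation events in which a DNS lookup tool is launched from the desktop shell or has its output handed to an interpreter. The event records, simplified field names, tool names (`nslookup`, `Resolve-DnsName`) and scoring heuristics are assumptions constructed for illustration.

```python
import re

# Constructed process-creation records (simplified Sysmon Event ID 1 style fields).
# Hosts, paths and domains are invented; "[elided]" marks omitted arguments.
EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\explorer.exe",
     "cmdline": 'cmd.exe /c "nslookup [elided] example.invalid | [elided] powershell [elided]"'},
    {"host": "ws-02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "nslookup intranet.example.invalid"},
    {"host": "ws-03", "parent": r"C:\Windows\explorer.exe",
     "cmdline": 'powershell -c "iex [elided] Resolve-DnsName [elided] example.invalid"'},
    {"host": "ws-04", "parent": r"C:\Program Files\Monitoring\agent.exe",
     "cmdline": "powershell -c Resolve-DnsName dc01.example.invalid"},
    {"host": "ws-05", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "nslookup printer.example.invalid"},
]

# Assumed heuristics, not taken from the article.
DNS_TOOL = re.compile(r"\b(nslookup(\.exe)?|resolve-dnsname)\b", re.I)
# The lookup result is handed to something that executes it.
HANDOFF = re.compile(
    r"\|.*\b(cmd|powershell|pwsh)\b|\biex\b|\binvoke-expression\b|\bfor\s+/f\b", re.I)
# Parent is the desktop shell, i.e. the command was typed or pasted by the user.
USER_SHELL = re.compile(r"\\explorer\.exe$", re.I)


def triage(event):
    """Return (severity, reasons) for one event, or None if no DNS tool is involved."""
    cmd = event["cmdline"]
    if not DNS_TOOL.search(cmd):
        return None
    reasons = ["dns-lookup-tool"]
    if HANDOFF.search(cmd):
        reasons.append("output-fed-to-interpreter")
    if USER_SHELL.search(event["parent"]):
        reasons.append("launched-from-desktop-shell")
    severity = {1: "info", 2: "medium", 3: "high"}[len(reasons)]
    return severity, reasons


def alerts(events, report=("medium", "high")):
    """Return (host, severity, reasons) for events whose severity is in `report`."""
    hits = [(ev["host"], triage(ev)) for ev in events]
    return [(host, *res) for host, res in hits if res and res[0] in report]


if __name__ == "__main__":
    for host, severity, reasons in alerts(EVENTS):
        print(f"{host}: {severity} ({', '.join(reasons)})")
```

Plain lookups from an admin console or a monitoring agent stay at `info`, so the rule surfaces only the user-launched and interpreter-fed cases for review.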