ESET: Cybercriminals use psychological manipulation to trap users in order to obtain data

According to ESET, an international supplier of business and home security software solutions, one of the most striking developments in recent months is the more than 500 percent increase in ClickFix attacks that deceive victims compared to the previous half-year, making them one of the fastest growing threats.

The statement quotes Péter Béres, CEO of Sicontact Kft., which distributes ESET products. IT manager, who said: the new type of social engineering uses a fake error message or authentication message to trick victims into copying and pasting a malicious script and then running it. The method affects all major operating systems, including Windows, Linux and macOS platforms. Regarding the manipulation, he said that everyone has come across website messages that ask the user to prove that they are not a robot, for example by having to mark all the images that contain buses or traffic lights. Since users are already used to this, few question it when they have to prove it with a new type of task, for example by copying and pasting something on their device. This is exactly what cybercriminals had in mind when they turned one of the functions of the Internet into a new attack method.

According to the statement, the list of threats associated with ClickFix is growing every day, including data-stealing malware, ransomware, remote access Trojans, cryptominers, post-exploitation tools, and even unique malware used by threat actors linked to nation states.

According to the threat report, significant changes have also occurred in the field of data-stealing malware: for example, SnakeStealer is able to log keystrokes, save authentication data, and is capable of taking screenshots and collecting clipboard contents. The malware is mainly distributed as a malicious attachment to phishing emails, including in Central and Eastern European countries.