ClickFix: BabaDeda, Lorem Ipsum and Potemkin — new downloaders in attacks

Colleagues — a cybersecurity alert: ClickFix campaigns deploy new downloaders.
- Who: Morphisec, BlueVoyant and Huntress report BabaDeda, Lorem Ipsum and Potemkin.
- How: ClickFix social engineering (fake updates, command injection), compromised WordPress, ZIP/MSI/HTA, DLL side‑loading, external storage (Storage Crypter).
- What: info‑stealers, RATs, RMM, stealth in‑memory execution, DGA and resilient C2.
- I recommend: block in‑browser command injection, enforce strict PowerShell policies, control DLL loading and monitor DGA/anomalies.
Why it matters: ClickFix exploits the human factor and reduces the effectiveness of traditional defenses.
Which of these measures do you consider priorities?
#cybersecurity #malware #SOC #infosec

