Threats Tagged 'click-fix'
View all threats tagged with 'click-fix'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'click-fix'
Click on any threat for detailed analysis and mitigation recommendations
Threat Research: PHALT#BLYX: Fake BSODs and Trusted Build Tools 0 The PHALT#BLYX campaign targets the hospitality sector using sophisticated social engineering and advanced techniques. It begins with a phishing email mimicking a Booking.com reservation cancellation, leading victims to a fake website. Users are tricked into executing malicious PowerShell commands through a fake BSOD and click-fix social engineering tactic. The malware leverages MSBuild.exe to bypass defenses and deploys a customized DCRat payload. It establishes persistence, disables Windows Defender, and uses process hollowing to inject into legitimate processes. The campaign shows evolution from earlier, simpler methods and demonstrates a deep understanding of modern endpoint protection. Attribution points to Russian-speaking threat actors, given the presence of Cyrillic debug strings and the use of DCRat, a popular tool in Russian underground forums. Join the discussion | AlienVault OTX General | 01/09/2026, 09:47:05 UTC Added: 01/09/2026, 10:11:53 UTC |
Showing 1 to 1 of 1 result