Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Summary

Microsoft has identified a new iteration of the ClickFix scam targeting Windows users. Attackers are now instructing victims to open Windows Terminal and paste malicious commands, which leads to the deployment of the Lumma infostealer. This malware then gains access to the victim's browser credentials.

IFF Assessment

FOE

This represents a novel and effective social engineering technique that bypasses traditional defenses by tricking users into executing malicious code themselves.

Defender Context

Defenders need to educate users about the dangers of executing commands from untrusted sources, even when presented as simple copy-paste actions. Monitoring for unusual Windows Terminal activity and the presence of infostealers like Lumma is crucial.
