ClickFix finds a backup plan in PySoxy proxy chains
Summary
Researchers have identified a new evolution of the ClickFix social engineering technique, now using scheduled tasks, PowerShell, and the open-source proxy tool PySoxy for persistence and encrypted command and control. This dual-channel approach gives attackers redundant access paths and avoids reliance on the commodity malware and RMM tools that defenders more commonly watch for.
IFF Assessment
The article describes a technique attackers use to gain persistence and establish encrypted communication channels. Because the two channels are independent, detecting and removing one leaves the other intact, which makes containment and cleanup harder for defenders.
Defender Context
Defenders should be aware of the evolving ClickFix social engineering tactics and the use of less common tools like PySoxy to establish persistent, encrypted command and control channels. Monitoring for unusual scheduled tasks and PowerShell activity, especially tasks whose action launches powershell.exe with a hidden window or an encoded command, or a Python interpreter running a proxy script, is crucial for early detection.
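One way to run the scheduled-task check described above, as an added example that is not code from the article or from the PySoxy project: the script below parses the task definition XML that Windows records in Security event 4698 (scheduled task created) and flags tasks whose action runs powershell.exe with a hidden window or an -EncodedCommand, runs a Python interpreter, or whose arguments (including the decoded encoded command) mention a SOCKS/PySoxy proxy. The sample events, task names and paths are constructed for illustration and are not indicators from the article; the regexes are starting points to tune, not a complete signature.

```python
import base64
import ntpath
import re
import xml.etree.ElementTree as ET

# Namespace of the task definition XML that event 4698 embeds in its TaskContent field.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

PS_BINARIES = {"powershell.exe", "pwsh.exe"}
PY_BINARIES = {"python.exe", "pythonw.exe", "py.exe"}
# Names that suggest a Python SOCKS proxy such as PySoxy; extend with the tools you care about.
PROXY_HINTS = re.compile(r"pysoxy|socks", re.IGNORECASE)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the payload is base64 of UTF-16LE.
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDDEN_FLAG = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)


def encode_ps(script):
    """Encode a script the way -EncodedCommand expects (UTF-16LE, then base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def decode_encoded_command(arguments):
    """Return the decoded -EncodedCommand payload, or '' if absent or not valid base64."""
    m = ENC_FLAG.search(arguments)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def analyze_task(task_name, task_xml):
    """Return the reasons a task looks like ClickFix-style PowerShell/Python proxy persistence."""
    root = ET.fromstring(task_xml)
    reasons = []
    for action in root.findall(".//t:Exec", NS):
        command = action.findtext("t:Command", default="", namespaces=NS).strip()
        arguments = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        binary = ntpath.basename(command).lower()
        decoded = decode_encoded_command(arguments)
        # Inspect both the literal arguments and whatever the encoded command expands to.
        effective = f"{arguments} {decoded}"
        if binary in PS_BINARIES:
            if decoded:
                reasons.append("powershell with -EncodedCommand")
            if HIDDEN_FLAG.search(arguments):
                reasons.append("powershell launched with a hidden window")
        if binary in PY_BINARIES or re.search(r"pythonw?\.exe", effective, re.IGNORECASE):
            reasons.append("task runs a Python interpreter")
        if PROXY_HINTS.search(effective):
            reasons.append("arguments reference a SOCKS/PySoxy proxy")
    return reasons


def hunt(events):
    """Map task name -> reasons for every task that trips at least one check."""
    flagged = {}
    for task_name, task_xml in events:
        reasons = analyze_task(task_name, task_xml)
        if reasons:
            flagged[task_name] = reasons
    return flagged


def task_xml(command, arguments):
    """Build a minimal task definition in the 4698 TaskContent shape (constructed for this example)."""
    return (
        '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Actions><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments></Exec></Actions>"
        "</Task>"
    )


# Constructed sample events: one benign built-in task plus two that mimic the pattern the
# article describes. Task names, paths and arguments are invented, not indicators from the article.
SAMPLE_EVENTS = [
    ("\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     task_xml("%windir%\\system32\\defrag.exe", "-c -h -o -$ -k")),
    ("\\OneDriveUpdate",
     task_xml("powershell.exe",
              "-NoProfile -WindowStyle Hidden -EncodedCommand "
              + encode_ps("Start-Process pythonw.exe -ArgumentList 'C:\\Users\\Public\\pysoxy.py'"))),
    ("\\Backup",
     task_xml("C:\\Program Files\\Python312\\pythonw.exe", "C:\\Users\\Public\\pysoxy.py")),
]

if __name__ == "__main__":
    for name, reasons in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(reasons)}")
```

Feed it the TaskContent field of exported 4698 events, or the XML from `Export-ScheduledTask` on a live host. A legitimate task that runs PowerShell will only trip the interpreter checks, so treat hits as a triage queue rather than a verdict, and decode the encoded command before deciding, since that is where the proxy launch is hidden in the second sample.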