
ClickFix finds a backup plan in PySoxy proxy chains
ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes for technical issues on their systems, has received a persistence upgrade.
In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.
As the researchers pointed out in a blog post, PySoxy is giving attackers encrypted proxy access without relying on well-known malware or remote monitoring and management (RMM) tools. The observed attack chain established an initial PowerShell-based C2 channel, followed by a second C2 path thro...