LeakNet Ransomware Uses ‘ClickFix’ Technique via Hacked Websites to Launch Stealth Attacks


A newly identified ransomware campaign linked to the LeakNet group is leveraging a sophisticated technique known as “ClickFix” to gain initial access to corporate systems. The attackers are distributing this method through compromised legitimate websites, making the attack harder to detect and increasing its reach across unsuspecting users.

ClickFix is a social engineering tactic that tricks users into executing malicious commands themselves, often under the guise of fixing an issue such as a CAPTCHA or system error. Once the user unknowingly runs the command, it initiates the infection process, allowing attackers to bypass traditional security defenses that rely on detecting automated malware behavior.

In this campaign, LeakNet combines ClickFix with a stealthy malware delivery mechanism using the Deno runtime, enabling attackers to load malicious code directly into memory without leaving obvious traces on disk. This approach significantly reduces the chances of detection by conventional antivirus and endpoint security tools.
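A defender-side sketch of how the two behaviours described above (a user-run command and a Deno process fetching code) could be triaged in process-creation telemetry. This is an added example, not code from the original report; the field names, heuristics and sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: process-creation records (e.g. Sysmon Event ID 1) already parsed
# into dicts; the field names and rule labels are this example's own.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
REMOTE_ARG = re.compile(r"https?://", re.I)

def base(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()

def findings(event):
    """Return the heuristics an event matches (empty list means no hit)."""
    image, parent = base(event["image"]), base(event["parent_image"])
    cmd, hits = event["command_line"], []
    # Assumption: a command the user pastes into the Run dialog starts as a
    # child of explorer.exe; a script host given a URL there is worth review.
    if parent == "explorer.exe" and image in SCRIPT_HOSTS and REMOTE_ARG.search(cmd):
        hits.append("user-launched script host with remote URL")
    if image == "deno.exe":
        if REMOTE_ARG.search(cmd):  # Deno can run a module directly from a URL
            hits.append("deno running remote code")
        if parent in SCRIPT_HOSTS:
            hits.append("deno started by script host")
        if any(d in event["image"].lower() for d in USER_WRITABLE):
            hits.append("deno in user-writable path")
    return hits

def triage(events):
    """Keep only events with at least one finding, paired with the findings."""
    return [(e, hits) for e in events if (hits := findings(e))]

def ev(image, parent_image, command_line):
    return {"image": image, "parent_image": parent_image, "command_line": command_line}

# Constructed sample events, not taken from the campaign.
SAMPLE_EVENTS = [
    ev(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\explorer.exe",
       "powershell.exe -NoProfile -Command <constructed: fetch https://example.invalid/fix>"),
    ev(r"C:\Users\alice\AppData\Local\Temp\deno.exe", r"C:\Windows\System32\cmd.exe",
       "deno.exe run https://example.invalid/mod.ts"),
    ev(r"C:\Program Files\deno\deno.exe", r"C:\Program Files\Microsoft VS Code\Code.exe",
       "deno.exe run main.ts"),
    ev(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe"),
]

if __name__ == "__main__":
    for event, hits in triage(SAMPLE_EVENTS):
        print(hits, "<-", event["command_line"])
```

The last two sample events are ordinary developer and user activity and produce no findings, which is the false-positive check to keep when tuning these rules against real telemetry.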

By embedding these techniques into legitimate websites that have been hacked, the attackers can scale their operations efficiently and target a wider pool of victims. This method also increases trust, as users are more likely to interact with content hosted on familiar or reputable platforms.

The emergence of LeakNet’s tactics highlights a broader shift in ransomware strategies, where attackers are increasingly relying on human interaction and legitimate tools rather than purely technical exploits. This makes attacks more difficult to detect and defend against, especially in enterprise environments where employees may unknowingly trigger malicious actions.

Overall, the campaign underscores the growing sophistication of modern ransomware operations, combining social engineering, fileless malware execution, and trusted platforms to carry out large-scale, stealthy cyberattacks.
