Amatera Stealer
Fake Claude Code install guides push infostealers in InstallFix attacks
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command-line interface (CLI) tools. The new trick exploits the common practice among developers these days of downloading and executing scripts through ‘curl-to-bash’ commands from online sources without […]
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. The Microsoft App-V script acts as a living-off-the-land binary that proxies the execution of PowerShell through a trusted Microsoft component to disguise the malicious activity. Microsoft Application Virtualization is an enterprise Windows […]