Attackers are bypassing browser security by tricking users into running system-level commands.
Threat Alert · LeakNet ransomware gang using ClickFix and Deno loaders.
We are seeing a new wave of attacks from the LeakNet ransomware group targeting corporate environments via the ClickFix technique. Attackers present users with fake browser errors or AI tool update prompts that instruct them to copy and paste a command into the terminal to ‘fix’ the issue.
This campaign is notable for using a malware loader based on the open-source Deno runtime. By abusing legitimate developer tools like Deno, the attackers can execute malicious JavaScript and TypeScript with system-level access while evading traditional browser-based sandbox security.
The uncomfortable truth: If your security strategy depends on users not following helpful-looking instructions, you have no defense against modern social engineering.
- Educate employees specifically on the ClickFix technique and the danger of running copied terminal commands.
- Restrict the execution of developer runtimes like Deno, Node.js, and Python on non-technical workstations.
- Monitor endpoint logs for unusual shell activity originating from browser process parentage.
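An added example (not part of the original post) of the parent-process check in the last recommendation: it walks the ancestry of each shell or developer-runtime process in a set of process-creation events and flags those that descend from a browser. The process-name sets, hosts, PIDs, paths, and events are assumptions constructed for illustration.

```python
import ntpath

# Assumed process-name sets for illustration; tune them to your estate.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
RUNTIMES = {"deno.exe", "node.exe", "python.exe"}

# Constructed process-creation events: (host, pid, ppid, image, command line).
# Command lines are placeholders, not captured attacker commands.
EVENTS = [
    ("fin-ws-07", 4100, 900, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
    ("fin-ws-07", 4220, 4100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe <pasted command>"),
    ("fin-ws-07", 4388, 4220, r"C:\Users\a.user\AppData\Local\Temp\deno.exe", "deno.exe run <script>"),
    ("dev-ws-02", 5000, 880, r"C:\Windows\explorer.exe", "explorer.exe"),
    ("dev-ws-02", 5120, 5000, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ("dev-ws-02", 5200, 5120, r"C:\Tools\deno.exe", "deno.exe test"),
]

def name(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()

def browser_ancestor(event, by_pid, max_depth=8):
    """Return the browser image name in this event's ancestry, or None."""
    host, _, ppid, _, _ = event
    for _ in range(max_depth):          # depth cap guards against PID-reuse loops
        parent = by_pid.get((host, ppid))
        if parent is None:              # parent never logged: the chain ends here
            return None
        if name(parent[3]) in BROWSERS:
            return name(parent[3])
        ppid = parent[2]
    return None

def detect(events):
    """Flag shells and developer runtimes that descend from a browser process."""
    by_pid = {(e[0], e[1]): e for e in events}   # keyed per host: PIDs repeat across hosts
    alerts = []
    for e in events:
        child = name(e[3])
        if child in SHELLS | RUNTIMES:
            browser = browser_ancestor(e, by_pid)
            if browser:
                alerts.append((e[0], e[1], child, browser))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT host=%s pid=%d child=%s browser_ancestor=%s" % alert)
```

Walking the full ancestry rather than only the direct parent also catches a runtime started by a shell that the browser launched; baseline the benign browser child processes in your environment before alerting on this.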
#Cybersecurity #Ransomware #SocialEngineering #EndpointSecurity #SOC #CodeDefence
