More than 100 automotive dealerships had their websites infected with malicious ClickFix code spreading the SectopRAT malware following a supply chain attack against third-party dealer video service provider LES Automotive, reports SecurityWeek.
Threat actors injected a fraudulent reCAPTCHA on the dealer webpages that lured visitors to click a prompt that not only copies the malicious command to the clipboard but also instructs users to paste and execute the command on the Windows Run prompt, leading to the eventual deployment of the remote access trojan, according to security researcher Randy McEoin.
Further analysis of the code revealed the presence of at least one Russian-language comment.
Such a development comes amid the increasing prevalence of ClickFix attack campaigns, with the hospitality sector recently reported by Microsoft to have been subjected to a massive campaign that involved the impersonation of Booking.com.
Intrusions involving ClickFix were also noted by the Department of Health and Human Services to have been launched by Russian threat actors since last April.
