Hackers use 'Blue Screen of Death' malware to target victims
A fake BSOD is used to trick people into downloading backdoors
- Russian-linked cybercriminals are running a new ClickFix campaign against European hotels and hospitality firms
- Victims receive fake booking emails leading to a bogus “Blue Screen of Death” that prompts them to run malicious scripts
- The malware disables Windows Defender and steals credentials and clipboard data
Russian cybercriminals are trying to deploy backdoors and infostealers on people’s computers through a new ClickFix campaign - but this one comes with a sinister twist.
ClickFix attacks are usually centered around pop-ups - the victim gets an error message and, at the same time, is offered a fix. That fix, whether it is running a command or downloading a piece of software, is actually how victims install the malware themselves.
This campaign, focusing on European hotels and the wider hospitality industry, is just a little different, Securonix researchers said.
Fake BSOD
It starts the usual way - the victim gets an email stating that something is wrong with their latest booking, and that they need to act urgently or they will lose their reservation, be charged extra, or something to that effect. The email is designed to look as if it’s coming from a popular booking service and comes with a button to “See Details” - but that’s where the scam happens.
Clicking the button first displays the message that “loading is taking too long”, after which a fake Blue Screen of Death (BSOD) appears. The idea of a bricked computer, at a sensitive time when money and reservations are on the line, is meant to make the victim panic and rush to fix things. As usual with ClickFix attacks, the BSOD window also comes with a solution, and in this case, it’s to run a script in the Windows Run dialog.
This script downloads the malware and other malicious tools, disables Windows Defender, and displays the real booking website to throw the victim off. There doesn’t seem to be a specific name for the malware, but the researchers say it works as an infostealer, grabbing passwords, clipboard data, and other information.
For Securonix, the campaign is “a sophisticated evolution in commodity malware delivery.”
“The psychological manipulation, combined with the abuse of trusted system binaries like `MSBuild.exe`, allows the infection to establish a foothold deep within the victim’s system before traditional defenses can react,” the researchers said.
“The technical complexity of the infection chain reveals a clear intent to evade detection and maintain long-term persistence.”
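For defenders, the chain described above (a command pasted into the Run dialog, Defender being switched off, and MSBuild.exe running on a machine that is not a build host) maps onto three process-creation checks. The sketch below is an added example, not code from Securonix or the article; the event field names follow Sysmon Event ID 1, and the sample events, the parent allow-list and the Defender cmdlet patterns are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed allow-list of parents that legitimately start MSBuild on a developer machine.
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}
# Programs a command pasted into the Run dialog would start; Run launches them under explorer.exe.
RUN_DIALOG_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "msbuild.exe"}
# Assumed tamper pattern: Defender cmdlets that disable a protection or add an exclusion.
DEFENDER_TAMPER = re.compile(
    r"Set-MpPreference\s+.*-Disable\w+|Add-MpPreference\s+.*-Exclusion\w+", re.I)
REMOTE_FETCH = re.compile(r"https?://", re.I)

# Constructed sample events; every path and command line here is invented.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -Command <placeholder script from https://example.invalid/>"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"MSBuild.exe C:\ProgramData\placeholder.proj"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"Image": r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe",
     "CommandLine": "MSBuild.exe app.sln"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

def basename(path):
    return PureWindowsPath(path).name.lower()

def triage(event):
    """Return the names of the rules a process-creation event matches."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd = event.get("CommandLine", "")
    hits = []
    if parent == "explorer.exe" and image in RUN_DIALOG_CHILDREN and REMOTE_FETCH.search(cmd):
        hits.append("run_dialog_remote_script")   # interpreter started by the user with a URL
    if image == "msbuild.exe" and parent not in BUILD_PARENTS:
        hits.append("msbuild_unusual_parent")     # trusted binary outside a build context
    if DEFENDER_TAMPER.search(cmd):
        hits.append("defender_tamper")
    return hits

def flagged(events=SAMPLE_EVENTS):
    """Return (index, rules) for every event that matched at least one rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := triage(e))]
```

On a hotel front-desk workstation, where neither developer tooling nor Run-dialog scripting is expected, each of these rules should fire rarely enough to review by hand.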
Via The Record

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.