ClickFix Tactic Deploys Amatera Stealer and NetSupport RAT

Cybersecurity researchers have uncovered a malware campaign using the ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT. The campaign, tracked as EVALUSION, targets cryptocurrency wallets, browsers, and messaging applications. Amatera, an evolution of ACR Stealer, employs advanced evasion techniques and is available via subscription. The attack involves tricking users into executing malicious commands through the Windows Run dialog, leading to a multi-step infection process. The malware harvests sensitive data and contacts an external server to execute further commands.