🟠 High  |  Source: The Hacker News


A sophisticated banking malware campaign dubbed SCMBANKER (tracked as REF6045) is targeting customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges. Attackers use fake CAPTCHA pages — a technique known as ClickFix — to trick victims into manually running a malicious PowerShell command that installs the malware. This social engineering approach is particularly effective because it bypasses many automated security controls by having the victim execute the payload themselves.

Security Architect’s Take: Enforce application whitelisting and PowerShell Constrained Language Mode across endpoints to prevent unauthorised script execution; additionally, deploy browser-based controls or DNS filtering to block known ClickFix lure domains and ensure security awareness training explicitly covers fake CAPTCHA social engineering tactics.

Original advisory: SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users