Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

A new phishing campaign uses the ClickFix technique to deliver Havoc, an open-source C2 framework, via SharePoint sites. The campaign starts with a phishing email containing an HTML attachment that tricks users into executing a malicious PowerShell command, leading to the download and execution of additional scripts and ultimately, the Havoc Demon agent. This campaign highlights the continued use of deceptive tactics and the exploitation of vulnerabilities in popular services like Google Ads.