From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques www.bleepingcomputer.com/news/secu…

During the past fifteen business days, Huntress analysts have observed increased threat activity involving several notable techniques. One case involved a malicious AnyDesk installer, which initially mimicked a standard ClickFix attack through a fake Cloudflare verification page but then utilized Windows File Explorer and an MSI package masked as a PDF to deploy MetaStealer malware.

Additionally, two incidents involving the Cephalus ransomware variant were detected.

This ransomware distinguishes itself by employing DLL sideloading through a legitimate SentinelOne executable, SentinelBrowserNativeHost.exe, to launch the payload. These recent findings highlight the ongoing evolution in threat actor tradecraft, combining established social engineering methods with more technically advanced infection chains and evasive deployment strategies.