ClickFix Gets Creative: Malware Buried in Images

www.huntress.com/blog/clic…

This analysis outlines a multi-stage malware execution chain triggered through a ClickFix lure, ultimately delivering infostealing malware, including LummaC2 and Rhadamanthys. A key finding is the campaign’s use of steganography to conceal the final malware stages inside an image. Instead of appending malicious data to a file, the payload is encoded directly within the pixel data of PNG images, using specific colour channels to reconstruct and decrypt the malicious code in memory.

Edward Kiledjian @ekiledjian