LINDENSEC

A free PDF Editor turning itself into an infostealer overnight. Let's hunt it down with KQL!

ClickFix was bad enough; it became the second most common attack vector right after phishing. ClickFix tricked users with a deceptive webpage (often disguised as a CAPTCHA) that prompted them to copy and paste a string, open the Run dialog with WIN+R, and boom! Hidden in front of what looked like a harmless path was a whole PowerShell payload. This led to a surge in infostealers, cryptominers, and RATs. It was only a matter of time before similar techniques popped up. Inspire

Sometimes the most interesting security discoveries start with the most mundane activities.