CloudSEK’s latest threat intelligence report reveals a sophisticated ransomware campaign leveraging fake ClickFix-themed verification pages to distribute Epsilon Red malware.
Threat actors are impersonating platforms like Discord, Twitch, and OnlyFans to trick users into downloading .HTA files. These payloads silently execute ransomware via browser-based ActiveX abuse—bypassing standard security measures and putting global users at risk.
Key Highlights:
- Active campaign observed in July 2025
- Abuse of social engineering and brand impersonation
- Infrastructure linked to multiple fake domains and IPs
- Epsilon Red ransom notes bear stylistic resemblance to REvil, though the malware is distinct
- Final-stage deployment of Epsilon Red ransomware
Full report available here:
🔗 https://www.cloudsek.com/blog/threat-actors-lure-victims-into-downloading-hta-files-using-clickfix-to-spread-epsilon-red-ransomware
This entry was posted on July 25, 2025 at 9:09 am and is filed under Commentary with tags CloudSEK.
CloudSEK Uncovers New Epsilon Red Ransomware