The Lampion malware campaign has evolved significantly, employing new social engineering techniques that complicate traditional detection methods. The use of ClickFix lures, which trick users into thinking they need to resolve technical issues, distinguishes this iteration. Attackers rely on compromised email accounts to send authentic-looking bank transfer notifications, with infection vectors now involving ZIP file attachments for greater stealth.
Notably, campaign activity has increased, with dozens of infections daily, highlighting the operational sophistication behind it. The infection chain delivers the malware in multiple stages, with obfuscated Visual Basic scripts leading to a DLL payload designed for credential theft. Moreover, persistence tactics, introduced in June 2025, allow the malware to maintain access through system reboots and across sessions, underscoring the group’s technical acumen in operational security.
👉 Read the original: Cyber Security News