ClickFix¹¥»÷¿çWindows¡¢LinuxϵͳִÐÐÉç»á¹¤³ÌÓÕÆ­

°ä²¼¹¦·ò 2025-05-13

1. ClickFix¹¥»÷¿çWindows¡¢LinuxϵͳִÐÐÉç»á¹¤³ÌÓÕÆ­


5ÔÂ12ÈÕ £¬½üÈÕ £¬Ò»ÏîÀûÓÃClickFix¹¥»÷µÄл±»·¢ÏÖ £¬¸Ã»î¶¯Õë¶ÔWindowsºÍLinuxϵͳ £¬Ñ¡È¡¿ÉϰȾÈÎÒ»²Ù×÷ϵͳµÄÖ¸Áî¡£ClickFix×÷ΪһÖÖÉç»á¹¤³ÌÕ½Êõ £¬Í¨¹ýÐéαÑé֤ϵͳ»òÀûÓ÷¨Ê½ÃýÎóÓÕÆ­Óû§ÔËÐжñÒâºÅÁî¡£´«Í³ÉÏ £¬´ËÀ๥»÷ÖØÒªÕë¶ÔWindowsϵͳ £¬Í¨¹ýÓÕÆ­Óû§Ö´ÐÐPowerShell¾ç±¾ £¬µ¼ÖÂÐÅÏ¢ÇÔÈ¡»òÀÕË÷Èí¼þϰȾ¡£È»¶ø £¬2024ÄêÒÑÓлÕë¶ÔmacOSÓû§ £¬ÇÒ½üÆÚHunt.io×êÑÐÈËÔ±·¢ÏÖ £¬Óë°Í»ù˹̹ÓйصÄAPT36£¨±ðÃû¡°Í¨Ã÷²¿Â䡱£©Íþв×éÖ¯ÌáÒéÁËÒ»ÏîÕë¶ÔLinuxϵͳµÄClickFix¹¥»÷¡£¸Ã×éÖ¯ÀûÓüÙÒâÓ¡¶È¹ú·À²¿µÄÍøÕ¾ £¬¸½ÉÏÐéαÐÂΟåÁ´½Ó £¬µ±Óû§µã»÷ºó £¬Æ½Ì¨»á·ÖÎöÆä²Ù×÷ϵͳ²¢³Á¶¨Ïòµ½ÏàÓ¦µÄ¹¥»÷Á÷¡£ÔÚWindowsϵͳÖÐ £¬Óû§»á¿´µ½È«ÆÁÖÒ¸æÒ³Ãæ £¬µã»÷¡°³ÖÐø¡±ºó £¬¶ñÒâJavaScript»á½«MSHTAºÅÁÔìµ½¼ôÌù°å £¬ÓÕµ¼Óû§Ö´ÐÐ £¬´Ó¶øÆô¶¯.NET¼ÓÔØ·¨Ê½²¢Ïνӵ½¹¥»÷ÕßµØÖ·¡£ÔÚLinuxϵͳÖÐ £¬Óû§µã»÷¡°ÎÒ²»ÊÇ»úеÈË¡±°´Å¥ºó»á±»³Á¶¨Ïòµ½CAPTCHAÒ³Ãæ £¬ÓÕµ¼ÆäÖ´ÐÐshellºÅÁî £¬½«¡°mapeal.sh¡±¸ºÔØÍ¶·Åµ½Ö¸±êϵͳ¡£Ö»¹Üµ±Ç°°æ±¾µÄ¡°mapeal.sh¡±½ö´Ó¹¥»÷Õß·þÎñÆ÷»ñÈ¡JPEGͼÏñ £¬µ«APT36¿ÉÄÜÔÚ²âÊÔLinuxϰȾÁ´µÄÓÐЧÐÔ £¬½«À´¿ÉÄÜͨ¹ý´úÌæÍ¼ÏñΪshell½ÅÕý±¾×°ÖöñÒâÈí¼þ¡£


https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/


2. Marbled DustÀûÓÃÁãÈÕ·ì϶¹¥»÷Output MessengerÓû§


5ÔÂ12ÈÕ £¬Î¢ÈíÍþвµý±¨·ÖÎöʦ½üÈÕ·¢ÏÖ £¬Ò»¸öÓÉÍÁ¶úÆäÖ§³ÖµÄÍøÂç¼äµý×éÖ¯Marbled Dust£¨±ðÃûSea Turtle¡¢SILICONºÍUNC1326£©ÀûÓÃÁãÈÕ·ì϶¹¥»÷ÓëÒÁÀ­¿Ë¿â¶ûµÂ¾ü¶ÓÓйصÄOutput MessengerÓû§¡£¸Ã×éÖ¯·¢ÏÖLANÐÂÎÅ´«µÝÀûÓ÷¨Ê½Output Messenger´æÔÚĿ¼±éÀú·ì϶£¨CVE-2025-27920£© £¬´Ë·ì϶¿Éʹ¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß½Ó¼ûÖ¸±êĿ¼±íµÄÃô¸ÐÎļþ»òÔÚ·þÎñÆ÷Æô¶¯Îļþ¼ÐÖв¿Êð¶ñÒâ¸ºÔØ¡£ÀûÓ÷¨Ê½¿ª·¢ÉÌSrimaxÔÚ12Ô°䲼µÄ°²È«²¼¸æÖÐÖ¸³ö £¬¹¥»÷Õß¿ÉÄܽè´Ë½Ó¼ûÅäÖÃÎļþ¡¢Ãô¸ÐÓû§Êý¾ÝÉõÖÁÔ´´úÂë £¬½ø¶øµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐеȽøÒ»²½¹¥»÷¡£¸Ã·ì϶ÒÑÔÚOutput Messenger V2.0.63°æ±¾Öеõ½½¨²¹¡£È»¶ø £¬Marbled DustÔÚ»ñµÃOutput Messenger Server ManagerÀûÓ÷¨Ê½½Ó¼ûȨÏÞºó £¬ÈÔÕë¶Ôδ¸üÐÂϵͳµÄÓû§ÌáÒé¹¥»÷²¢Ï°È¾¶ñÒâÈí¼þ¡£¹¥Ï·þÎñÆ÷ºó £¬¸Ã×éÖ¯¿ÉÇÔÈ¡Ãô¸ÐÊý¾Ý¡¢½Ó¼ûÓû§Í¨Ñ¶¡¢¼ÙÒâÓû§¡¢½Ó¼ûÄÚ²¿ÏµÍ³²¢µ¼ÖÂÔËÓªÖжÏ¡£Î¢ÈíÆÀ¹ÀÒÔΪ £¬Marbled Dust¿ÉÄÜÀûÓÃDNS½Ù³Ö»òÓòÃûÇÀ×¢¼¼ÊõÀ¹½Ø¡¢¼Í¼ºÍ³Á¸´Ê¹ÓÃÍ´´¦¡£¹¥»÷ÕßÔÚÊܺ¦ÕßÉ豸Éϲ¿ÊðºóÃÅ·¨Ê½ £¬²é³­Óë¹¥»÷Õß½ÚÔìµÄºÅÁîºÍ½ÚÔìÓòµÄÏνÓÐÔ £¬²¢ÏòÍþвÐÐΪÕßÌṩÐÅÏ¢ÒÔ¼ø±ðÊܺ¦Õß¡£


https://www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/


3. ¶ñÒânpm°üÕë¶ÔmacOS°æCursor±à×ëÆ÷·¢Æð¹©¸øÁ´¹¥»÷


5ÔÂ9ÈÕ £¬ÍøÂ簲ȫ×êÑÐÈËÔ±½üÈÕ·¢ÏÖÈý¸ö¶ñÒânpmÈí¼þ°üÕë¶ÔÆ»¹ûmacOS°æÈËΪÖÇÄÜÇý¶¯µÄÔ´´úÂë±à×ëÆ÷Cursor·¢Æð¹¥»÷¡£ÕâЩÈí¼þ°ü¼Ù×°³É¿ª·¢Õß¹¤¾ß £¬Í¨¹ýÇÔÈ¡Óû§Æ¾Ö¤¡¢´Ó¹¥»÷Õß½ÚÔìµÄ·þÎñÆ÷»ñÈ¡¼ÓÃÜÔØºÉ²¢¸²¸ÇCursorµÄºÏ·¨Îļþ £¬½ø¶ø½ûÓÃ×Ô¶¯¸üлúÔìÒÔά³ÖÓÆ¾ÃÐÔפÁô¡£ÊÜÓ°ÏìµÄÈí¼þ°üÔ̺¬sw-cur¡¢sw-cur1ºÍaiide-cur £¬½ØÖÁ5ÔÂ9ÈÕÈÔ¿ÉÔÚnpm²Ö¿âÏÂÔØ¡£×°Öúó £¬ÕâЩÈí¼þ°ü»áÇÔÈ¡Óû§ÊäÈëµÄCursorƾ֤ £¬²¢´ÓÔ¶³Ì·þÎñÆ÷»ñÈ¡µÚ¶þ½×¶ÎÔØºÉ £¬ÓöñÒâ´úÂë´úÌæºÏ·¨Îļþ £¬ÉõÖÁ½ûÓÃCursorµÄ×Ô¶¯¸üÐÂÖ°ÄÜ £¬³ÁÆôÀûÓÃʹ¶ñÒâ´úÂëÉúЧ £¬Ê¹¹¥»÷ÕßÄÜÔÚÆ½Ì¨ÉÏÖ´ÐÐËÁÒâ´úÂë¡£Socket¹«Ë¾×êÑÐÔ±Ö¸³ö £¬Õâ·´Ó³³ö¹¥»÷ÕßÕýͨ¹ý¶ñÒânpm°ü´Û¸Ä¿ª·¢ÕßϵͳÏÖÓкϷ¨Èí¼þµÄÐÂÇ÷Ïò £¬¼´±ãɾ³ý¶ñÒâÈí¼þ°ü £¬ÈÔÐè³ÁÐÂ×°Öñ»´Û¸ÄµÄÈí¼þÄÜÁ¦³¹µ×¶Ï¸ùÍþв¡£´Ë±í £¬¹¥»÷Õß»¹ÀûÓÿª·¢Õß¶ÔAI¹¤¾ßµÄÐËÖÂÖ´Ðд¹µö £¬ÒÔ¡°×î±ãÒËCursor API¡±Îªµö¶üÎüÒýÓû§×°ÖúóÃÅ¡£Í¬Ê± £¬°²È«×êÑÐÔ±»¹Åû¶ÁËÁí±íÁ½¸ö¶ñÒânpm°ü £¬ËüÃÇͨ¹ý¡°°ü×°Æ÷ģʽ¡±´«²¼Ò»Ñù¶ñÒâ´úÂë £¬ÇÔÈ¡¼ÓÃÜÇ®±Òƽ̨Êý¾Ý¡£Áí±í £¬°²È«¹«Ë¾AikidoÒ²·¢ÏֺϷ¨npm°ü¡°rand-user-agent¡±Ô⹩¸øÁ´¹¥»÷ £¬¶ñÒâ°æ±¾Ö²ÈëÔ¶³Ì½ÚÔìľÂí £¬Í¨¹ýÓë±í²¿·þÎñÆ÷ͨѶʵÏÖĿ¼Çл»¡¢ÎļþÉÏ´«ºÍºÅÁîÖ´ÐС£


https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html


4. ASUS DriverHubÆØÔ¶³Ì´úÂëÖ´Ðзì϶ £¬½¨ÒéÓû§¾¡¿ì¸üÐÂ


5ÔÂ12ÈÕ £¬ASUS DriverHubÇý¶¯·¨Ê½ÖÎÀíʵÓ÷¨Ê½±»ÆØ´æÔÚÑϳÁÔ¶³Ì´úÂëÖ´Ðзì϶ £¬¸Ã·ì϶ÓÉÐÂÎ÷À¼¶ÀÁ¢ÍøÂ簲ȫ×êÑÐÔ±±£ÂÞ·¢ÏÖ¡£DriverHub×÷Ϊ»ªË¶¹Ù·½Çý¶¯·¨Ê½ÖÎÀí¹¤¾ß £¬»áÔÚijЩ»ªË¶Ö÷°å³õ´ÎϵͳÆô¶¯Ê±×Ô¶¯×°Öà £¬²¢ÔÚºó¶Üͨ¹ý¶Ë¿Ú53000ÔËÐÐ £¬³ÖÐø²é³­Çý¶¯·¨Ê½¸üС£È»¶ø £¬¸ÃÈí¼þ¶Ô·¢Ë͵½ºó¶Ü·þÎñµÄºÅÁîÑéÖ¤²»¼° £¬¹¥»÷Õß¿ÉÀûÓÃCVE-2025-3462ºÍCVE-2025-3463·ì϶´´½¨·ì϶ÀûÓÃÁ´ £¬ÈƹýÔ´Õ¾ÑéÖ¤ £¬ÔÚÖ¸±êÉ豸ÉÏ´¥·¢Ô¶³Ì´úÂëÖ´ÐС£·ì϶µÄ¹Ø¼üÔÚÓÚÈí¼þ¶ÔOrigin HeaderµÄ²é³­Ö´Ðв»Á¦ £¬ÈκÎÔ̺¬¡°driverhub.asus.com¡±×Ö·û´®µÄÍøÕ¾ÒªÇó³ÇÊб»½ÓÊÜ £¬¼´±ãÓ뻪˶¹Ù·½ÃÅ»§²»ÆëȫƥÅä¡£´Ë±í £¬UpdateApp¶ËµãÔÊÐí´Ó¡°.asus.com¡±URLÏÂÔØ²¢ÔËÐÐ.exeÎļþ £¬ÎÞÐèÓû§È·ÈÏ £¬½øÒ»²½¼Ó¾çÁË·çÏÕ¡£¹¥»÷Õß¿ÉÓÕÆ­Óû§½Ó¼û¶ñÒâÍøÕ¾ £¬Í¨¹ýºýŪOrigin HeaderÈÆ¹ýÑéÖ¤ £¬Ïò±¾µØ·þÎñ·¢ËͶñÒâÒªÇó £¬ÏÂÔØ²¢Ö´ÐжñÒâÎļþ¡£»ªË¶ÓÚ2025Äê4ÔÂ8ÈÕÊÕµ½»ã±¨ £¬4ÔÂ18ÈÕÖ´Ðн¨¸´ £¬µ«CVEÃèÊöÖдæÔÚÎóµ¼ÐÔÉêÃ÷ £¬³ÆÎÊÌâ½öÏÞÓÚÖ÷°å £¬¶øÏÖʵÉÏ»áÓ°Ïì×°ÖÃÁËDriverHubµÄ±Ê¼Ç±¾µçÄÔºĮ́ʽµçÄÔ¡£»ªË¶°²È«²¼¸æ½¨ÒéÓû§¾¡¿ì¸üÐÂÖÁ×îа汾¡£Èô¶Ôºó¶Ü·þÎñ×Ô¶¯»ñȡDZÔÚΣÏÕÎļþ²»Âú £¬¿É´ÓBIOSÉèÖÃÖнûÓÃDriverHub¡£


https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/


5. ÀÕË÷ÍÅ»ï÷è÷ë´Ó¶íº¥¶íÖݾ¯³¤°ì¹«ÊÒÇÔÈ¡°ÙGBÎļþ


5ÔÂ9ÈÕ £¬Ò»¸ö¶íÂÞ˹ÀÕË÷Èí¼þÍŶÓ÷è÷ëÐû³Æ´Ó¶íº¥¶íÖݺºÃܶû¶ÙÏØ¾¯³¤°ì¹«ÊÒÇÔÈ¡Á˽ü100GBÎļþ £¬ÆäÖоݳÆÔ̺¬¹«¹²°²È«ÐÅÏ¢¡£÷è÷ëÊdzôÃûÔ¶ÑïµÄÀÕË÷Èí¼þ¼´·þÎñ£¨RaaS£©×éÖ¯ £¬ÓÚ5ÔÂ4ÈÕÔÚÆäµØÏÂÍøÕ¾Éϰ䲼йÃÜ֪ͨ £¬Ðû³Æ³ÖÓдӾ¯³¤ÏµÍ³ÇÔÈ¡µÄ128,294¸öÎļþ¡£¸ÃÍÅ»ïÒÔÖ´ÐÐË«³ÁÀÕË÷¶øÎÅÃû £¬ÒªÇóÊܺ¦ÕßÖ§¸¶ÓöÈÒÔ½âËøÏµÍ³ºÍÔ¤·ÀÊý¾Ýй¶ £¬²»È»»á½«ÎļþÉÏ´«µ½ÍøÉÏ¡£÷è÷ëÐû³ÆÇÔÈ¡µÄÎļþÔ̺¬7ÔÂ4ÈÕ¹«¹²°²È«´òËãµÄµý±¨ £¬¿ÉÄÜÉæ¼°ÓÎÐзÏß¡¢ÈËȺ½ÚÔìÒÔ¼°½ÚÈÕÆÚ¼ä¾¯Ô±Öµ°àÆÌÅÅ £¬»¹Ðû³Æ°ÑÎÕÁ˾¯³¤°ì¹«ÊÒÕÐÆ¸ÔµÓɵÄÄÚ²¿ÐÅÏ¢¡£ÖµÍ×ÌùÐĵÄÊÇ £¬¸ÃÏØ°ì¹«ÊÒĿǰÔÚ°§µ¿Ò»Î»³Ö¾ÃÈÎÖ°µÄ¸±¾¯³¤À­ÀºàµÂÉ­ £¬ËûÓÚ5ÔÂ2ÈÕÔÚÒ»³¡³µ»öÖб»ÓÐÒâɱº¦¡£÷è÷ë×Ô2022Äê³õ´Î³Ê´Ë¿ÌÀÕË÷Èí¼þȦÖÐÒÔÀ´ £¬¾ÍÒòÏ®»÷Ò½Ôº¶ø¹ãΪÈËÖª £¬Ôø¶ÔÓ¢¹ú¹úÃñÒ½ÁÆ·þÎñϵͳ£¨NHS£©ºÏ×÷ͬ°éSynnovis³¢ÊÔÊÒ·¢ÆðºÚ¿Í¹¥»÷ £¬µ¼ÖÂÂ×¶ØÎå¼Ò¹«Á¢Ò½Ôº¹Ø¼ü·þÎṉ̃»¾¡£÷è÷ëÊÇ×î»îÔ¾µÄÀÕË÷Èí¼þÍÅ»ïÖ®Ò» £¬ÒÑÓÐ403ÃûÊܺ¦Õß¡£


https://cybernews.com/cybercrime/hamilton-county-sheriff-ransomware-attack/


6. FreeDrain´¹µöȦÌ×µ¼Ö¼ÓÃÜÇ®±Ò°®ºÃÕßÇ®°ü±»Çå¿Õ


5ÔÂ12ÈÕ £¬Ò»ÏîÃûΪFreeDrainµÄ¸´ÔÓ´¹µö´òËã×Ô2022ÄêÆð³ÖÐøÕë¶ÔWeb3ÏîÄ¿ £¬´ó¹æÄ£Çå¿Õ¼ÓÃÜÇ®±ÒÇ®°ü¡£¸Ã´òËã×î³õÓÚ2024Äê4Ô±»Validin¼ì²âΪµ¥Ò»µÄ¼ÓÃÜ´¹µöÍøÕ¾ÍøÂç £¬µ«ËæºóÏÔ¶³ö¸ü¸ß¸´ÔÓÐԺ͸ü´ó¹æÄ£ £¬´Ùʹ»¥ÁªÍøµý±¨Æ½Ì¨ÌṩÉÌÓëSentinelOneµÄ×êÑÐÍŶÓSentinelLabsºÏ×÷µ÷²é¡£FreeDrain´òËãδÒÀÀµ´¹µöÓʼþ¡¢¶ÌÐÅ´¹µöµÈ³£¼û¼¿Á© £¬¶øÊÇͨ¹ýSEO°Ñ³Ö¡¢Ãâ·Ñ²ã¼¶ÍøÂç·þÎñºÍ·Ö²ã³Á¶¨Ïò¼¼Êõ¶Ô×¼¼ÓÃÜÇ®±ÒÇ®°ü¡£Êܺ¦ÕßÔÚµã»÷¸ßÅÅÃûËÑË÷ÒýÇæÁ˾ֺó £¬ÊÔͼ²é³­Ç®°üÓà¶îʱ £¬»áÎÞÒâ¼ä½«Ç®°üÖú¼Ç´ÊÌá½»ÖÁ´¹µöÍøÕ¾¡£Öú¼Ç´ÊÊǸ´Ô­¼ÓÃÜÇ®±ÒÇ®°ü²¢½Ó¼û×ʽðµÄ¹Ø¼ü £¬±»µÁ×ʲúѸ¿ìͨ¹ý¼ÓÃÜÇ®±Ò»ì±ÒÆ÷×ªÒÆ £¬Ê¹µÃ×·×ÙºÍ×·»ØÏÕЩ²»³ÉÄÜ¡£×êÑÐÈËÔ±·¢ÏÖ £¬FreeDrainÐж¯Í¨¹ýÔÆ»ù´¡ÉèÊ©ÍйܴóÁ¿µö¶üÒ³Ãæ £¬·ÂÕպϷ¨¼ÓÃÜÇ®±ÒÇ®°ü½çÃæ £¬²¢×ÛºÏʹÓöàÖÖ¼¼ÊõÓÕʹÊܺ¦ÕßÎóÒÔÎªÍøÕ¾ºÏ·¨¡£´Ë±í £¬ÔËÓªÕß»¹Í¨¹ýÔÚÊØ»¤²»ÉƵÄÍøÕ¾ÉϽøÐдó¹æÄ£ÆÀÂÛ¹àË® £¬ÌáÉýµö¶üÒ³ÃæµÄ¿É¼û¶È¡£µ÷²éÏÔʾ £¬FreeDrainʹÓÃһʱ»ù´¡ÉèÊ©ºÍ¹²ÏíÃâ·Ñ·þÎñ £¬ËÝÔ´Ðж¯ÓµÓÐÌôÕ½ÐÔ £¬µ«×êÑÐÈËԱͨ¹ý¶ÈÎö²Ö¿âÔªÊý¾Ý¡¢ÐÐΪÐźź͹¦·òºÛ¼£ £¬³É¹¦»ñÈ¡ÁËÔËÓªÕßÌØµãµÄ³ÁÒªÏßË÷ £¬Åú×¢¸ÃÐж¯¼«¿ÉÄÜÓÉÓ¡¶È¾³ÄÚÈËÔ±Ôڳ߶ȹ¤×÷ÈÕʱ¶ÎÖ´ÐС£


https://www.infosecurity-magazine.com/news/freedrain-phishing-scam-crypto/