Cybersecurity experts at ANY.RUN recently unveiled alarming trends<\/strong><\/a> in how attackers are exploiting everyday technologies to bypass security operations centers (SOCs).<\/p>\n They dissected tactics like QR code phishing, ClickFix social engineering<\/a>, and Living Off the Land Binaries (LOLBins), showing how these methods evade traditional defenses.<\/p>\n As threats grow<\/strong><\/a> more sophisticated, SOC teams face mounting pressure to adapt, with low detection rates risking severe breaches. Drawing from analyses of real-world samples, the session emphasized interactive tools and real-time intelligence as vital countermeasures.<\/p>\n ClickFix attacks<\/a> stand out for their reliance on user interaction, turning routine verifications into malware gateways. Attackers send phishing emails mimicking trusted sites, like booking platforms, complete with fake CAPTCHAs.<\/p>\n Once a victim clicks, a malicious PowerShell script hijacks the clipboard unnoticed, prompting the user to paste and execute it via a system dialog.<\/p>\n This multi-stage ploy thrives on deception: double spoofing creates convincing replicas, while manual steps foil automated scanners.<\/p>\n Sandbox analyses reveal<\/a><\/strong> how execution deploys stealers like Lumma or AsyncRAT<\/a>, plus ransomware, establishing persistence through startup files.<\/p>\n Traditional tools falter at CAPTCHAs, but interactive sandboxes simulate human actions, exposing the full chain from initial click to payload delivery in seconds.<\/p>\n Without such capabilities, SOCs miss threats that blend seamlessly into user workflows, leading to credential theft and system compromise.<\/p>\n Phishing kits, or phishkits, have evolved into dark web staples, empowering novices to launch pro-level campaigns against giants like Microsoft and Google.<\/p>\n The latest twist integrates QR codes into PDF attachments disguised as DocuSign docs, directing scans to mobile devices where phishing cues hide on small screens.<\/p>\n These kits incorporate AI-generated lures, multi-stage checks, and CAPTCHAs like Cloudflare Turnstile, culminating in fake login pages for credential harvesting.<\/p>\n ANY.RUN\u2019s automated detonation<\/strong><\/a> extracts QR links, solves challenges, and traces the kill chain, revealing ties to groups like Storm-1747<\/a>.<\/p>\n Many defenses overlook QR content, allowing evasion, but advanced sandboxes handle this autonomously, cutting Tier 1 workloads by 20%. As phishkits proliferate, targeting regions via localized lures, SOCs must prioritize QR scanning to curb widespread campaigns.<\/p>\n LOLBins exploit Windows\u2019 own utilities, PowerShell, mshta.exe, and cmd.exe to mask malice as routine operations. A phishing .lnk file might invoke mshta via PowerShell to fetch payloads from remote servers, downloading decoy PDFs to obscure the real stealer, like DeerStealer<\/a>.<\/p>\n This \u201cliving off the land\u201d approach evades whitelists and antivirus software by mimicking admin tasks, leaving faint forensic traces.<\/p>\n Behavioral analysis in sandboxes<\/a><\/strong> uncovers connections to C2 servers and persistence mechanisms, distinguishing abuse from legitimacy.<\/p>\n Without context from global investigations, alerts trigger false positives. Threat intelligence feeds, pulling fresh IOCs from thousands of sessions, enable real-time blocking, slashing response times.<\/p>\n The tactics employed by ClickFix, including interactivity, QR obfuscation, and LOLBin stealth, highlight the limitations of relying solely on automation.<\/p>\n ANY.RUN\u2019s solutions<\/a>, which combine interactive analysis with shared intelligence, enhance detection rates by 88% in under a minute and reduce mean time to resolve (MTTR) by 21 minutes.<\/p>\n Security Operations Centers (SOCs) that implement these solutions report a 30% decrease in escalations and a tripling of efficiency, thereby strengthening their defenses against an increasingly relentless adversary landscape.<\/p>\n Enhance your SOC Performance With Interactive Sandbox Threat Intelligence Lookup and Feeds => Try Now<\/a><\/strong><\/p>\n The post Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nClickFix Attacks: Mastering Human Deception<\/strong><\/h3>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhM7BvKXH9zcp0djXpQzRkbkezbM7JQzpOzTvNTXEbwZz_0xKmpj6TZKtCAXBNMP-jd3bML6kwCfRgy7pKwowQcz8jXmDQff1GsMJ8GfgfZAur-uZYBX1b4MyDgonNreBOIj4k7Bas6Hok_2wqhM9tlyez4RXsICOqRQpxJZj4RpLWUBIuT4uVmckR09Ape\/s16000\/Clickfix%2520attack.webp?ssl=1\")
<\/figure>\nPhishKit Attacks: QR Codes as Stealth Vectors<\/strong><\/h3>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEivrUpdGwsJlEmTG9rjQd40cuw8ZyDz0n5iR9bKcWohpay0pACrQBj7IdkFuW7uXukk-gUszB5ZoKz0m-Nre_GcD3S_aKqa7OAPKe9TwtgkcTlYKsD6hXMKBXwvsvZjNRuIn0NDGjQKy-ifCXyY5m7LI0erA7XXtrPSLiXQsA9_6bvsA0pXmzTcQlCI4jkP\/s16000\/LOLBins.webp?ssl=1\")
<\/figure>\nLOLBins: Weaponizing Trusted Tools<\/strong><\/h3>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxWq6kSowmnU9uO3DmSvxx2kyZaynWQi1ZrZJzGkRu6PXe_PJtmafpSVA76i0iPF_CXM1psz39_bxSfVTfPkQq_nnwh7Bdg8fWBMfSPzhH9o1s3KXM5MwtCpHtSt2dInXGR3nagoj9EjSAUPkK3s6c2O2on-bDYLs5_-5J2lzQQpeLQu7aiqywelFuJueN\/s16000\/PhishKit%2520Attacks.webp?ssl=1\")
<\/figure>\n