Hackers Use ClickFix Trick to Deploy Havoc C2 Framework

Cybersecurity researchers have uncovered a new phishing campaign employing the ClickFix technique to deploy the open-source command and control (C2) framework Havoc. The attackers conceal each stage of the malware behind a SharePoint site and utilize a modified version of Havoc Demon with the Microsoft Graph API to hide C2 communications within trusted and well-known services. This method makes malicious communications harder to detect.