Microsoft has issued a warning about a new DNS vulnerability.

Microsoft issued a warning about a new ClickFix variant where attackers trick users into running commands that perform custom DNS lookups delivering second‑stage malware payloads. The DNS response is crafted to supply executable content, enabling attackers to bypass traditional network‑based detection by blending in with normal DNS traffic. This attack chain ultimately installs a Python‑based reconnaissance script followed by the ModeloRAT remote access trojan and a persistence mechanism. The campaign is linked to threat actor activity observed by Huntress, including a related variant known as CrashFix targeting corporate environments.

Read more:

https://www.securityweek.com/microsoft-warns-of-clickfix-attack-abusing-dns-lookups/