Blue Screen of Death malware used in ClickFix campaign targeting hotels
Summary
Securonix researchers report a ClickFix phishing campaign that uses a fake Blue Screen of Death to trick hospitality staff into installing malware that disables Windows Defender and steals credentials and clipboard data.
Content
Russian cybercriminals are reported to be running a ClickFix phishing campaign that targets the hospitality sector in Europe. The attack begins with emails claiming an issue with a booking and directs recipients to a page that simulates a system crash. The fake crash prompt offers an apparent fix that leads to malware installation. Researchers say the delivered malware disables Windows Defender and collects passwords and clipboard data.
Key details:
- The campaign reportedly uses deceptive booking emails aimed at hotels and related staff.
- Victims are shown a fake Blue Screen of Death to prompt urgent action rather than careful investigation.
- The installed malware is described as an infostealer that captures credentials and clipboard contents and also disables Windows Defender.
- Securonix characterises the campaign as a more complex evolution of commodity malware delivery.
- There is no specific public name given for the malware in the report; the findings were reported via The Record.
Summary:
Researchers say the campaign uses social engineering and layered deception to gain access and maintain persistence on compromised systems. The reported activity is focused on hospitality-related email lures and a fake system crash screen. Undetermined at this time.
