Cybercriminals Use ClickFix and PySoxy to Maintain System Access
Cybersecurity researchers at ReliaQuest have identified a new cyberattack strategy combining ClickFix with PySoxy, an open-source Python SOCKS5 proxy, to maintain persistent access on compromised systems. ClickFix, a social engineering tactic, tricks users into executing malicious commands, while PySoxy is used to establish a connection to attacker-controlled servers. This method allows attackers to maintain access even after initial intrusion attempts are blocked. The attack sequence involves careful preparation, including reconnaissance and environment assessment, before deploying PySoxy. This approach highlights a shift from one-time user execution to modular post-exploitation, complicating detection and containment efforts. 
