Securitybrief.Co.Nz
LeakNet Ransomware Expands Tactics with ClickFix and Deno Loader
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
LeakNet, a ransomware group, has adopted new tactics involving ClickFix social engineering and a Deno-based fileless loader. This shift allows them to gain initial access through compromised websites, prompting users to execute malicious commands disguised as error fixes. The group has been active since late 2024 and typically averages three victims per month, but recent changes indicate a scaling up of operations. The ClickFix technique has been linked to 59% of top malware families in 2025, complicating detection efforts for defenders. The Deno loader executes malicious payloads in memory, leaving minimal forensic traces. This method utilizes legitimate developer tools to evade security measures, making it harder for organizations to detect and respond to the attacks. ReliaQuest has high confidence in linking these activities to LeakNet based on consistent infrastructure and tactics observed in recent incidents.
Key Points: • LeakNet employs ClickFix lures to trick users into executing malicious commands. • The group uses a Deno-based loader for stealthy, fileless attacks that minimize detection. • LeakNet's operations are expanding, with a notable increase in victim count and sophistication.