Tag

Clickfix

All articles tagged with #clickfix

technology12 days ago•4 min saved

DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks

A new ClickFix variant uses a DNS-based delivery channel: victims are prompted to run nslookup in the Run dialog, querying an attacker-controlled DNS server. The DNS response contains a PowerShell payload that, when executed, downloads a ZIP with a Python runtime and malware scripts, establishes persistence, and installs ModeloRAT. This marks the first known use of DNS for staging and delivering ClickFix payloads, enabling on-the-fly payload updates and blending with normal DNS traffic instead of relying on HTTP.

via BleepingComputer|

#clickfix #dns #modelorat

cybersecurity1 month ago•2 min saved

ErrTraffic: New $800 Service Automates Large-Scale ClickFix Cyberattacks

ErrTraffic is a new cybercrime platform that automates ClickFix attacks by creating fake browser glitches on compromised websites to trick users into downloading malware or executing malicious commands, with high success rates and customizable payloads targeting multiple operating systems, primarily sold on hacker forums for $800.

via BleepingComputer|

#clickfix #cybercrime #cybersecurity

security3 months ago•2 min saved

ClickFix Threat Evolves, Signaling New Wave of Malicious Copy-and-Paste Attacks

ClickFix is a sophisticated scam campaign targeting Windows and macOS users by exploiting trust in online travel bookings and using social engineering tactics, such as fake CAPTCHA prompts and device-adaptive payloads, to infect devices with malware like PureRAT. The attacks leverage native OS capabilities and often bypass security tools, making awareness and cautious behavior the best defenses, especially during holiday gatherings when family members may be less vigilant.

via Ars Technica|

#clickfix #cyberattack #endpoint-protection

cybersecurity8 months ago•4 min saved

FileFix and ClickFix Attacks Surge in 2025, ESET Reports

The article discusses a 517% rise in ClickFix social engineering attacks using fake CAPTCHA verifications, leading to various malware infections, and introduces a new method called FileFix that tricks users into executing malicious commands via file paths. It also highlights recent phishing campaigns exploiting domains, email lures, and legitimate platforms to steal personal information and control victims' devices.

via The Hacker News|

#clickfix #cyberattack #cybersecurity

technology8 months ago•2 min saved

Rising ClickFix Attacks and New Phishing Tactics Threaten PC Security in 2025

The ESET Threat Report H1 2025 highlights a dynamic threat landscape with the rise of ClickFix, a versatile attack vector, shifts in infostealer malware like SnakeStealer, a surge in Android adware and NFC-based fraud, and ongoing chaos in the ransomware scene, despite a drop in ransom payments.

via WeLiveSecurity|

#clickfix #cybersecurity #infostealers