23 articles tagged with "Clickfix"
Atomic Stealer Pivots to Script Editor After Apple Blocks Terminal
ClickFix attackers bypass macOS 26.4 Terminal paste scanning by using applescript:// URLs to launch Script Editor. Same payload, new delivery vector.
New DeepLoad malware combines ClickFix delivery with AI-generated obfuscation to bypass security scanners. WMI persistence survives remediation for days.
Malwarebytes researchers detected a Vidar infostealer campaign using fake CAPTCHA pages on compromised WordPress sites. ClickFix technique tricks users into running malicious PowerShell.
A new macOS infostealer combines ClickFix social engineering with Nuitka-compiled Python to evade detection. First documented campaign pairing these techniques.
New Torg Grabber infostealer targets 728 cryptocurrency wallet extensions and 103 password managers. Spreads via ClickFix clipboard hijacking with Cloudflare-based exfiltration.
LeakNet ransomware now uses ClickFix social engineering via hacked websites and a Deno-based in-memory loader to evade detection. Here's how the attack chain works.
Three ClickFix campaigns target macOS users with MacSync infostealer disguised as ChatGPT and AI coding tools. Latest variant adds in-memory execution to evade detection.
Global campaign hijacks WordPress sites in 12 countries to serve fake Cloudflare CAPTCHAs that deploy Vidar, VodkaStealer, and other credential theft malware.
Russian-linked AuraStealer infostealer uses TikTok videos and 48 C2 domains to steal credentials. ABE bypass defeats Chrome's cookie encryption.
IBM X-Force discovers Hive0163 using LLM-generated Slopoly malware in Interlock ransomware attacks, marking a shift in how threat actors weaponize AI to accelerate malware development.
Ransomware affiliate Velvet Tempest uses ClickFix social engineering to deploy DonutLoader and CastleRAT in 12-day intrusion linked to Termite ransomware staging.
Malicious QuickLens browser add-on combines Google Lens functionality with ClickFix social engineering to drain cryptocurrency wallets through fake CAPTCHA prompts.
Huntress responds to ClickFix intrusion deploying Matanbuchus 3.0 and custom AstarionRAT. Attackers achieved lateral movement within 40 minutes.
Elastic Security Labs uncovers ClickFix campaign abusing compromised bincheck.io to deliver MIMICRAT, a custom C++ RAT with SOCKS5 tunneling and token impersonation capabilities.
Microsoft warns of ClickFix variant using nslookup commands to stage malware via DNS traffic. Delivers ModeloRAT through fileless attack chain.
Microsoft Defender Experts track expanding infostealer campaigns hitting macOS via ClickFix prompts, malicious DMG installers, and Python-based stealers. DigitStealer, MacSync, and AMOS lead the wave.
Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.
Google Mandiant exposes UNC1069's use of AI-generated deepfake video, compromised executive accounts, and ClickFix attacks to deploy macOS malware against cryptocurrency firms.
Open-source Tirith tool hooks into bash, zsh, fish, and PowerShell to catch Unicode imposter commands, ANSI injection, and pipe-to-shell tricks in real time.
New campaign combines fake CAPTCHA pages with signed Microsoft scripts to bypass security tools and install Amatera infostealer on enterprise systems.
The NexShield Chrome extension impersonated uBlock Origin's developer and used ClickFix techniques to deliver ModeloRAT malware to corporate networks.
North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.
Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.