#ClickFix
11 stories taggedClickFix.

Fake CAPTCHA Pages Are Stealing From Mexican Bank Customers
Elastic Security Labs is tracking a fraud campaign, dubbed REF6045, that tricks people into pasting a malicious command from a bogus 'prove you're human' page.

ClickFix: Emerging Favorite for Cybercriminals in Malware Delivery
New research highlights how ClickFix, a social engineering tactic, is dominating the malware delivery landscape across various systems.

Opera's new Paste Protect tries to stop the copy-paste scam that's been draining wallets
The browser will now block dodgy commands before they reach your clipboard, targeting the ClickFix trick that has become criminals' favourite way to trick people into infecting their own computers.

Drag, Drop, Hijacked: How 'ConsentFix' Steals Microsoft 365 Sessions in Seconds
A new twist on the ClickFix trick turns Microsoft's own sign-in prompts into a session-theft machine — and a step-by-step guide is now circulating on a Russian crime forum.

ClickFix Grows a Back Office: API-Served Payloads and a New AMSI Bypass
Researchers pulled roughly 3,000 live payloads from ClickFix infrastructure and found a polymorphic delivery pipeline built to defeat Windows script scanning.

Mistic Backdoor Shows Up in IAB-Brokered Intrusions Across Four Verticals
A quiet new implant tied to the KongTuke access broker is landing on insurance, education, IT, and professional services networks — and it's not riding a CVE to get there.

Mistic Backdoor Ties to IAB Selling Enterprise Footholds to Ransomware Gangs
A new in-memory backdoor named Mistic has been active since April, and the threat actor behind it has reportedly funneled access to Qilin, Akira, Black Basta, and others.

ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine
Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin
Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

The Week the Tape Came Off: Old Bugs, Cheap C2, and AI That Breaks Things
A roundup of the criminal-economy churn driving this week's intrusions, from plugin holes to agentic AI gone feral.

A SQL Bug in a Blogging Tool Just Became a ClickFix Delivery Truck
Attackers turned 700+ Ghost CMS sites into watering holes by exploiting CVE-2026-26980, smuggling fake CAPTCHA prompts that trick visitors into running malware on themselves.