Tag

#ClickFix

11 stories taggedClickFix.

Full frame photoreal editorial image of a laptop screen showing a generic blurred verification prompt with a checkbox, warm desk lamp light, a Mexican peso coin
Threat Intelligence

Fake CAPTCHA Pages Are Stealing From Mexican Bank Customers

Elastic Security Labs is tracking a fraud campaign, dubbed REF6045, that tricks people into pasting a malicious command from a bogus 'prove you're human' page.

3 min
A computer screen displaying a fake error message with a prompt to paste a command, in an office environment
Threat Intelligence

ClickFix: Emerging Favorite for Cybercriminals in Malware Delivery

New research highlights how ClickFix, a social engineering tactic, is dominating the malware delivery landscape across various systems.

2 min
Full-frame photoreal editorial image of a laptop screen showing a generic web browser with a red warning icon in the address bar and a blurred popup dialog, dim
Threat Intelligence

Opera's new Paste Protect tries to stop the copy-paste scam that's been draining wallets

The browser will now block dodgy commands before they reach your clipboard, targeting the ClickFix trick that has become criminals' favourite way to trick people into infecting their own computers.

3 min
Photoreal editorial close-up of a laptop screen showing a generic blurred cloud sign-in prompt, a translucent glowing link being dragged across the screen by a
Identity & Access

Drag, Drop, Hijacked: How 'ConsentFix' Steals Microsoft 365 Sessions in Seconds

A new twist on the ClickFix trick turns Microsoft's own sign-in prompts into a session-theft machine — and a step-by-step guide is now circulating on a Russian crime forum.

4 min
Threat Intelligence

ClickFix Grows a Back Office: API-Served Payloads and a New AMSI Bypass

Researchers pulled roughly 3,000 live payloads from ClickFix infrastructure and found a polymorphic delivery pipeline built to defeat Windows script scanning.

2 min
Threat Intelligence

Mistic Backdoor Shows Up in IAB-Brokered Intrusions Across Four Verticals

A quiet new implant tied to the KongTuke access broker is landing on insurance, education, IT, and professional services networks — and it's not riding a CVE to get there.

3 min
Threat Intelligence

Mistic Backdoor Ties to IAB Selling Enterprise Footholds to Ransomware Gangs

A new in-memory backdoor named Mistic has been active since April, and the threat actor behind it has reportedly funneled access to Qilin, Akira, Black Basta, and others.

2 min
Threat Intelligence

ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine

Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.

3 min
Threat Intelligence

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin

Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

3 min
Threat Intelligence

The Week the Tape Came Off: Old Bugs, Cheap C2, and AI That Breaks Things

A roundup of the criminal-economy churn driving this week's intrusions, from plugin holes to agentic AI gone feral.

2 min
Vulnerabilities

A SQL Bug in a Blogging Tool Just Became a ClickFix Delivery Truck

Attackers turned 700+ Ghost CMS sites into watering holes by exploiting CVE-2026-26980, smuggling fake CAPTCHA prompts that trick visitors into running malware on themselves.

2 min
© 2026 Threat Vectr