03 Jun, 2026

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs […]

4 mins read

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. At least two variants of the malicious activity have been observed in the wild, and more than 10,000 users have accessed the content with dangerous instructions. A Claude artifact is content generated with […]

3 mins read

North Korean hackers use new macOS malware in crypto-theft attacks

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. The threat actor’s goal is financial, as suggested by the role of the tools used in an attack on a fintech company investigated by Google’s Mandiant researchers. During […]

4 mins read

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. The Microsoft App-V script acts as a living-off-the-land binary that proxies the execution of PowerShell through a trusted Microsoft component to disguise the malicious activity. Microsoft Application Virtualization is an enterprise Windows […]

3 mins read

Fake ad blocker extension crashes the browser for ClickFix attacks

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. The attacks were spotted earlier this month and delivered a new Python-based remote access tool called ModeloRAT that is deployed in corporate environments. The NexShield extension, which has been removed from the Chrome Web Store, was […]

3 mins read

ClickFix attack uses fake Windows BSOD screens to push malware

A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to […]

4 mins read

New ErrTraffic service enables ClickFix attacks via fake browser glitches

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions. The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads. ClickFix is a social engineering technique where targets […]

2 mins read

Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. The campaign was first spotted by researchers at cybersecurity company Kaspersky yesterday, while the Huntress managed security platform published a more detailed report earlier today. […]

3 mins read

ClickFix attack uses fake Windows Update screen to push malware

ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute code or commands in the Windows Command Prompt that lead to running malware on the system. The attack […]

3 mins read