Tag: clickfix
43 articles

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files
Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

OkoBot Malware Targets Crypto Wallets with 20 Payloads
Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

macOS Stealer Uses Coercion Loop to Force Password Entry
A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks
Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Researcher Exposes API-Driven Malware Delivery in ClickFix Campaigns
Security researcher Bert-Jan Pals' in-depth analysis of 3,000 live payloads reveals that the ClickFix campaign's API-driven malware delivery method is rapidly evolving, making it a persistent threat that's hard to defend against. This sneaky tactic moves malicious actions off the page and into backend services, issuing commands on demand with fresh disguises on every request.

Cybercriminals Exploit ClickFix to Deliver Malware
Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Gizmodo Readers Targeted by ClickFix Malware After Account Compromise
If your Gizmodo account was compromised, be aware that you may have been targeted by the ClickFix malware, which showed up as suspicious prompts after the breach. Stay vigilant and take immediate action to protect your online security!

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns
Hackers are exploiting ChatGPT's features to create convincing phishing pages that trick victims into downloading malware, using the platform's code-rendering feature to build fake pages that appear legitimate. These attacks cleverly use trusted ChatGPT domains to evade detection, making them harder to spot.

Ghost CMS Flaw Exploited to Hijack Over 700 Sites in ClickFix Attacks
Over 700 websites were hijacked in a massive campaign that exploited a critical Ghost CMS vulnerability, turning legitimate pages into gateways for Windows malware. This alarming attack was made possible by CVE-2026-26980, an SQL injection flaw with a near-perfect CVSS score of 9.4.

Ghost CMS SQL flaw fuels large-scale ClickFix attacks
Over 700 domains were hit in a massive cyberattack that exploited a critical vulnerability in Ghost CMS, putting sensitive data at risk. The flaw, tracked as CVE-2026-26980, allowed hackers to tap into site databases and steal admin API keys.

Cybercriminals Leverage ClickFix with PySoxy for Persistent Attacks
Cybercriminals are using a potent combination of ClickFix and PySoxy to launch persistent attacks, with experts warning that their deliberate preparation shows a sinister intent for continued access. This sophisticated tactic allows attackers to survive removal attempts and endpoint blocks, making it a major threat.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers
macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

macOS Users Targeted in ClickFix Malware Campaign
macOS users are being targeted in a sneaky new malware campaign called ClickFix, which tricks them into executing malicious commands by abusing the Script Editor and Terminal tools. This latest attack raises a pressing question: how can we trust our trusted tools when they're being exploited by hackers?

Venom Stealer Platform Automates Data Theft with ClickFix Tactics
Imagine a silent thief lurking in the shadows of your digital life, quietly siphoning off sensitive info - and now, cybercriminals can easily access this capability with Venom Stealer, a new malware-as-a-service tool that automates data theft with alarming ease. This menacing platform is poised to revolutionize cybercrime, making it simpler than ever for attackers to steal credentials, cookies, and cryptocurrency assets.

DeepLoad Malware Poses Critical Threat with Advanced Evasion Tactics
A new and highly sophisticated malware threat, DeepLoad, has emerged with advanced evasion tactics that blur the lines between human psychology and digital security, putting sensitive information at risk. This powerful malware loader uses social engineering and AI-assisted obfuscation to evade detection, making it a critical threat that demands immediate attention.

JackFix Exclusive Alert: Dangerous Fake Windows Updates
Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.

Cybercriminals Exploit Push Notifications: Stunning Risks
Think your browsers push alerts are harmless? Cybercriminals are hijacking browser push notifications and fake verification prompts to deliver stealthy malware and persistent backdoors, turning everyday web conveniences into covert attack channels.

ClickFix Phishing Exclusive: Critical Hotel Malware Alert
Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.

copy-paste attacks: Dangerous, Must-Have Fixes
When a site tells you “paste this into your console” it may seem like helpful tech support, but ClickFix attacks are a fast‑growing social‑engineering scam that trick users into running scripts that steal tokens, clipboard data, or install persistent browser malware. Learn why low technical barriers, defenses that can be bypassed by user interaction, and high‑value browser tokens make copy‑paste attacks especially dangerous — and what can be done to stop them.

BAITSWITCH and SIMPLEFIX: Exclusive Dangerous APT Alert
A new wave of Russia-linked intrusions tied to COLDRIVER is using tiny but sneaky loaders—BAITSWITCH and SIMPLEFIX—to stay under the radar and make detection harder. Defenders and policymakers alike must lean on smarter telemetry, rapid sharing, and solid cyber hygiene to stop these modular campaigns before they spread.

ClickFix lures: Must-Have Critical Warning
DPRK-linked hackers are swapping code-focused bait for ClickFix-style tickets that trick marketing and trading teams into installing BeaverTail and InvisibleFerret malware, putting funds and customer systems at risk. It’s a wake-up call to treat phishing as a financial-security issue—tighten email defenses, role-based access, and training beyond engineering.

CastleRAT malware: Exclusive Dangerous C/Python Threat
A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.