Skip to main content

Tag: clickfix

43 articles

Office setting with laptop showing Microsoft 365 interface and scattered papers.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files

Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Analyst 207
Person sits at cluttered desk with laptop and papers in a home office setting.

OkoBot Malware Targets Crypto Wallets with 20 Payloads

Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

Analyst 207
Blurred laptop screen on a home office workstation with a notepad having a faint scribble nearby.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

Analyst 207
Person sitting at laptop in dimly lit space with screen showing fake progress animation or terminal window.

macOS Stealer Uses Coercion Loop to Force Password Entry

A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

Analyst 207
Cluttered developer workstation with laptop, papers, and coffee cups.

OkoBot Malware Targets Crypto Users Worldwide

Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

Analyst 207
Office worker looks puzzled at laptop with subtle fake prompt on screen amidst blurred coworkers and computers.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks

Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Analyst 207
Security researcher analyzing a small device under a focused light in a lab.

Researcher Exposes API-Driven Malware Delivery in ClickFix Campaigns

Security researcher Bert-Jan Pals' in-depth analysis of 3,000 live payloads reveals that the ClickFix campaign's API-driven malware delivery method is rapidly evolving, making it a persistent threat that's hard to defend against. This sneaky tactic moves malicious actions off the page and into backend services, issuing commands on demand with fresh disguises on every request.

Analyst 207
Laptop on office desk with blurred CAPTCHA on screen, surrounded by papers and supplies.

Cybercriminals Exploit ClickFix to Deliver Malware

Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Analyst 207
Cautious hand approaches laptop with blurred screen in neutral workspace.

Gizmodo Readers Targeted by ClickFix Malware After Account Compromise

If your Gizmodo account was compromised, be aware that you may have been targeted by the ClickFix malware, which showed up as suspicious prompts after the breach. Stay vigilant and take immediate action to protect your online security!

Analyst 207
Laptop screen shows ChatGPT-like interface with suspicious URL and blurred malware prompt.

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns

Hackers are exploiting ChatGPT's features to create convincing phishing pages that trick victims into downloading malware, using the platform's code-rendering feature to build fake pages that appear legitimate. These attacks cleverly use trusted ChatGPT domains to evade detection, making them harder to spot.

Analyst 207
Laptop screen displays a blurred CMS interface with a cityscape background.

Ghost CMS Flaw Exploited to Hijack Over 700 Sites in ClickFix Attacks

Over 700 websites were hijacked in a massive campaign that exploited a critical Ghost CMS vulnerability, turning legitimate pages into gateways for Windows malware. This alarming attack was made possible by CVE-2026-26980, an SQL injection flaw with a near-perfect CVSS score of 9.4.

Analyst 207
Laptop screen displays website homepage amidst papers and coffee cups in a busy workspace.

Ghost CMS SQL flaw fuels large-scale ClickFix attacks

Over 700 domains were hit in a massive cyberattack that exploited a critical vulnerability in Ghost CMS, putting sensitive data at risk. The flaw, tracked as CVE-2026-26980, allowed hackers to tap into site databases and steal admin API keys.

Analyst 207
Modern office network closet with equipment racks, patch panels, and computer workstations.

Cybercriminals Leverage ClickFix with PySoxy for Persistent Attacks

Cybercriminals are using a potent combination of ClickFix and PySoxy to launch persistent attacks, with experts warning that their deliberate preparation shows a sinister intent for continued access. This sophisticated tactic allows attackers to survive removal attempts and endpoint blocks, making it a major threat.

Analyst 207
Person sitting in dark room with laptop showing fake login prompt and nearby smartphone and torn paper with credentials.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers

macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.

Analyst 207
Person sits in dimly lit room surrounded by broken tech, laptop displays fake error message.

macOS Users Targeted in ClickFix Malware Campaign

macOS users are being targeted in a sneaky new malware campaign called ClickFix, which tricks them into executing malicious commands by abusing the Script Editor and Terminal tools. This latest attack raises a pressing question: how can we trust our trusted tools when they're being exploited by hackers?

Analyst 207
Venom Stealer Platform Automates Data Theft with ClickFix Tactics

Venom Stealer Platform Automates Data Theft with ClickFix Tactics

Imagine a silent thief lurking in the shadows of your digital life, quietly siphoning off sensitive info - and now, cybercriminals can easily access this capability with Venom Stealer, a new malware-as-a-service tool that automates data theft with alarming ease. This menacing platform is poised to revolutionize cybercrime, making it simpler than ever for attackers to steal credentials, cookies, and cryptocurrency assets.

Analyst 207
DeepLoad Malware Poses Critical Threat with Advanced Evasion Tactics

DeepLoad Malware Poses Critical Threat with Advanced Evasion Tactics

A new and highly sophisticated malware threat, DeepLoad, has emerged with advanced evasion tactics that blur the lines between human psychology and digital security, putting sensitive information at risk. This powerful malware loader uses social engineering and AI-assisted obfuscation to evade detection, making it a critical threat that demands immediate attention.

Analyst 207
JackFix Exclusive Alert: Dangerous Fake Windows Updates

JackFix Exclusive Alert: Dangerous Fake Windows Updates

Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.

Analyst 207
Cybercriminals Exploit Push Notifications: Stunning Risks

Cybercriminals Exploit Push Notifications: Stunning Risks

Think your browsers push alerts are harmless? Cybercriminals are hijacking browser push notifications and fake verification prompts to deliver stealthy malware and persistent backdoors, turning everyday web conveniences into covert attack channels.

Analyst 207
ClickFix Phishing Exclusive: Critical Hotel Malware Alert

ClickFix Phishing Exclusive: Critical Hotel Malware Alert

Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.

Analyst 207
copy-paste attacks: Dangerous, Must-Have Fixes

copy-paste attacks: Dangerous, Must-Have Fixes

When a site tells you “paste this into your console” it may seem like helpful tech support, but ClickFix attacks are a fast‑growing social‑engineering scam that trick users into running scripts that steal tokens, clipboard data, or install persistent browser malware. Learn why low technical barriers, defenses that can be bypassed by user interaction, and high‑value browser tokens make copy‑paste attacks especially dangerous — and what can be done to stop them.

Analyst 207
BAITSWITCH and SIMPLEFIX: Exclusive Dangerous APT Alert

BAITSWITCH and SIMPLEFIX: Exclusive Dangerous APT Alert

A new wave of Russia-linked intrusions tied to COLDRIVER is using tiny but sneaky loaders—BAITSWITCH and SIMPLEFIX—to stay under the radar and make detection harder. Defenders and policymakers alike must lean on smarter telemetry, rapid sharing, and solid cyber hygiene to stop these modular campaigns before they spread.

Analyst 207
ClickFix lures: Must-Have Critical Warning

ClickFix lures: Must-Have Critical Warning

DPRK-linked hackers are swapping code-focused bait for ClickFix-style tickets that trick marketing and trading teams into installing BeaverTail and InvisibleFerret malware, putting funds and customer systems at risk. It’s a wake-up call to treat phishing as a financial-security issue—tighten email defenses, role-based access, and training beyond engineering.

Analyst 207
CastleRAT malware: Exclusive Dangerous C/Python Threat

CastleRAT malware: Exclusive Dangerous C/Python Threat

A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

Analyst 207