OnlyFans, Discord ClickFix-Themed Pages Spread Epsilon Red Ransomware

Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware.

A sophisticated new ransomware campaign is actively tricking internet users around the world by employing fake verification pages to spread a dangerous threat called Epsilon Red malware.

This critical finding is revealed in the latest threat intelligence report by CloudSEK, a leading cybersecurity firm. The ongoing campaign, first spotted in July 2025, uses social engineering in which attackers pretend to be popular online services like Discord, Twitch, and OnlyFans. They trick individuals into downloading malicious .HTA files, which are special HTML Applications that can run scripts directly on a computer.

Silent Infection Through Browser Vulnerabilities

According to CloudSec, when a victim lands on one of the fake ClickFix-themed verification pages and interacts with it, malicious commands run in the background without their knowledge.