ClickFix Infrastructure Surprises Inform Better Blocking


Big Crossover Found Between ClickFix and Adversary-in-the-Middle Infrastructure

Mathew J. Schwartz (euroinfosec) • October 30, 2025

New research spotted a massive crossover between IP addresses used for both ClickFix and adversary-in-the-middle attacks. (Image: Shutterstock)

Tracking how cybercriminals and their service providers use malicious infrastructure can give cyber defenders an edge in countering threat actors' targeting.

A recent study of attacker telemetry by U.K.-based proactive threat intelligence firm Lab539 found a "staggering" and unexpected 76% overlap in the IP addresses being used for two very different types of targeting. The first is adversary-in-the-middle, or AiTM, attacks, which are designed to look like a legitimate user is logging in. The second is ClickFix attacks, which are designed to trick a user into running malicious code that an attacker's website often pastes into their browser.

John Fitzpatrick, a Lab539 threat researcher, said AiTM remains far and ...


Copyright of this story solely belongs to bankinfosecurity.