New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe.

We are used to clicking through human verification tests and browser updates without second thoughts, but a new threat is using these habits against us.

Cybersecurity researchers at Point Wild’s Lat61 Threat Intelligence Team have discovered a malware campaign that relies on a social engineering trick known as ClickFix. This method involves deceiving people into manually running damaging commands that, in this case, lead to the installation of DarkGate remote-access malware.

How the Trap Works

The trouble starts when a user sees a fake message claiming the “Word Online” extension is missing. To view the document, the site tells you to click the “How to fix” button ...