You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
clickfix
About this tag
ClickFix is a social-engineering attack family that tricks victims into copying and pasting malicious commands, often disguised as fake Windows Update screens or other trusted interfaces. Recent campaigns have evolved to include sophisticated techniques such as abusing finger.exe and the Finger protocol (TCP 79) for covert payload delivery, using PNG steganography and .NET Stego Loaders for in-memory execution, and deploying fake OAuth apps to steal Microsoft 365 credentials. These attacks target Windows users across sectors including government, healthcare, and hospitality, delivering infostealers like LummaC2 and Rhadamanthys. The tag covers threat analysis, attack chain breakdowns, and defensive guidance for Windows environments.
Security researchers have identified a clever new variation of ClickFix social‑engineering attacks that abuses the decades‑old Windows utility finger.exe and the Finger protocol (TCP port 79) as a covert delivery channel, letting attacker‑controlled servers return encoded PowerShell and script...
A high-fidelity fake Windows 11 update screen has been weaponized in a new ClickFix campaign to trick victims into executing commands that load in-memory steganographic payloads, ultimately delivering the LummaC2/Lumma stealer and the Rhadamanthys infostealer to compromised machines. Background...
A convincing fake Windows Update screen is the latest disguise in the evolving ClickFix campaign, and the attack chain’s new tricks — automatic clipboard poisoning, PNG steganography and a .NET “Stego Loader” — show a clear shift from simple social engineering to multi-stage, fileless delivery...
Microsoft 365 credentials are now squarely in the crosshairs of a new, sophisticated cyberattack. In a campaign dubbed the ClickFix attack—as first reported by SC Media and detailed by BleepingComputer—the threat actors are using fake OAuth apps to pilfer sensitive credentials from government...
The recent advisory from Microsoft Threat Intelligence has sounded a clear alarm for the hospitality sector and all Windows users alike: a sophisticated phishing campaign impersonating Booking.com is actively targeting organizations with a suite of credential-stealing malware. In this evolving...