ClickFix Scam Exposed! Protect Your Data Before It's Too Late
Essential information
- Published: 11/02/2025 11:54
- Modified: 11/02/2025 14:34
- Tags: 2025-02-11, captcha, clickfix, credential-theft, deepseek, lumma stealer, phishing, social engineering, vidar stealer
- Related entities: 7 observables, 18 techniques (MITRE), 2 malware
Description
Cybercriminals are exploiting DeepSeek's popularity to launch ClickFix phishing campaigns, tricking users into clicking fake CAPTCHA links that steal credentials and install malware like Vidar and Lumma Stealer. These attacks impersonate DeepSeek's branding to appear legitimate and bypass security measures. A malicious domain was discovered distributing malware via deceptive verification buttons. The campaign uses Cloudflare to mask its true nature and evade detection. The malware incorporates social media platforms for updates, support, and command-and-control functionality. Recommendations include user education, multi-factor authentication, email filtering, network segmentation, and regular software updates to mitigate the risks of phishing attacks and protect against data theft and financial loss.