Fix the Click: Preventing the ClickFix Attack Vector
Essential information
- Published
- 10/07/2025 17:53
- Modified
- 13/07/2025 11:26
- Tags
- 2025-07-10 autoit clickfix clipboard hijacking infostealer latrodectus lumma stealer netsupport rat powershell rat social engineering typosquatting
- Related entities
- 65 observables, 8 techniques (mitre), 3 malware, 12 others
Description
This article discusses the rising threat of ClickFix, a social engineering technique used by threat actors to trick victims into executing malicious commands under the guise of quick fixes for computer issues. The technique has been observed in campaigns distributing various malware, including NetSupport RAT, Latrodectus, and Lumma Stealer. ClickFix lures often use clipboard hijacking and can bypass standard detection controls. The article provides case studies of recent campaigns, hunting tips for detecting ClickFix infections, and recommendations for proactive defense measures. It emphasizes the importance of user education and implementing robust security controls to mitigate this evolving threat.