From a Fake AnyDesk Installer to MetaStealer
Essential information
- Published: 30/08/2025 09:10
- Modified: 01/09/2025 08:29
- Tags: 2025-08-30 anydesk clickfix cloudflare turnstile filefix metastealer social engineering windows file explorer
- Related entities: 4 techniques (mitre), 1 malware
Description
A recent attack mimicking ClickFix tactics used a fake AnyDesk installer to deploy MetaStealer. The infection chain involved a fake Cloudflare Turnstile lure, the Windows search protocol, and an MSI package disguised as a PDF. Unlike traditional ClickFix attacks, this variant redirected users to Windows File Explorer instead of the Run dialog box. The attack also grabbed the victim's hostname and ultimately aimed to drop MetaStealer, a commodity infostealer known for harvesting credentials and stealing files. This incident highlights the evolving nature of social engineering attacks and the need for updated security measures and user education.