Close Menu
World Forbes – Business, Tech, AI & Global Insights
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
What's Hot

South African comic book fans gather at Comic-Con Africa in Johannesburg

August 30, 2025

Thousands of redheads celebrate their strands at Dutch festival

August 30, 2025

Saturday’s Powerball drawing worth $1 billion

August 29, 2025
Facebook X (Twitter) Instagram
Trending
  • South African comic book fans gather at Comic-Con Africa in Johannesburg
  • Thousands of redheads celebrate their strands at Dutch festival
  • Saturday’s Powerball drawing worth $1 billion
  • Pollution, development and climate change threaten Florida’s freshwater springs
  • With dawn of AI, talk of tech and religion merge for some
  • What is Labor Day. All you need to know
  • White House Reportedly Selects Jim O’Neill As CDC Director As Staffers Protest
  • Trump Administration Could Target Chicago With New Immigration Operation
World Forbes – Business, Tech, AI & Global InsightsWorld Forbes – Business, Tech, AI & Global Insights
Sunday, August 31
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
World Forbes – Business, Tech, AI & Global Insights
Home » ClickFix Widely Adopted by Cybercriminals, APT Groups
Cybersecurity

ClickFix Widely Adopted by Cybercriminals, APT Groups

adminBy adminMarch 14, 2025No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email
Post Views: 79


Since August 2024, both state-sponsored hackers and cybercriminals have been adopting a technique called ClickFix to deploy information stealer malware, cybersecurity firm Group-IB reports.

ClickFix is a social engineering technique in which malicious JavaScript code on web pages prompts the user to perform an action that results in the delivery of a malicious payload.

Typically, the user sees a prompt instructing them to perform an update, fix an error, or verify that they are human on a fake reCAPTCHA page containing malicious code.

The malicious JavaScript code copies a command to the clipboard, and the user is instructed to open the Windows Run dialogue by pressing Win+R, paste the clipboard content using the Ctrl+V key combination, and hit Enter.

This causes the malicious command to be executed on the victim’s machine, and a malware payload to be delivered, typically an information stealer such as Lumma, XWorm RAT, VenomRAT, AsyncRAT, and others. In one instance, the final payload was the DarkGate malware.

Group-IB observed threat actors relying on phishing emails, malvertising, and spam messages on forums, social media platforms, and comment sections to direct victims to malicious websites, phishing sites mimicking legitimate services, and compromised websites hosting malicious code associated with ClickFix.

An earlier iteration of the technique was observed in October 2023, disguised as a Cloudflare anti-bot protection prompt. The broad adoption of the more mature technique called ClickFix, however, started in August 2024, and appears to have accelerated since the beginning of 2025.

Hunting for both the fake reCAPTCHA element and for the copy-to-clipboard functionality observed in these attacks, Group-IB identified multiple variants of ClickFix pages that impersonate Google reCAPTCHA, social media sites, Cloudflare bot protection, or claim issues with the user’s browser.

Advertisement. Scroll to continue reading.

All variations work in a similar manner: the user is prompted to click on the ‘I’m not a robot’, ‘Fix it’, or ‘Copy Fix’ prompt, which automatically copies the malicious code to the clipboard, and then to execute the code in the Run dialog.

“The possibilities are endless, and the technique continues to evolve, finding innovative ways to deceive users. As threat actors refine their methods, we can expect even more sophisticated variants to emerge,” Group-IB notes.

The cybersecurity firm observed ClickFix attacks targeting users of websites offering free movies, games, or cracked software, GitHub users, and enterprise users. It also notes that APT groups such as Iran-linked MuddyWater and Russia-linked APT28 have been employing the ClickFix technique in their attacks.

This week, Microsoft warned of attacks against the hospitality sector in North America, Europe, Oceania, and Asia leveraging the ClickFix technique, and Cofense detailed its use in the distribution of the XWorm RAT.

Related: Homebrew macOS Users Targeted With Information Stealer Malware

Related: ‘SteelFox’ Miner and Information Stealer Bundle Emerges

Related: Threat Actors Abuse GitHub to Distribute Multiple Information Stealers

Related: Information Stealer Exploits Windows SmartScreen Bypass



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

O2 Service Vulnerability Exposed User Location

May 20, 2025

Madhu Gottumukkala Officially Announced as CISA Deputy Director

May 20, 2025

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

May 19, 2025

Printer Company Procolored Served Infected Software for Months

May 19, 2025

UK Legal Aid Agency Finds Data Breach Following Cyberattack

May 19, 2025

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

May 19, 2025
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
Billionaires

OnlyFans Billionaire’s Fortune Doubles Amid Sale Talks And $700 Million Dividend

August 22, 2025

OnlyFans, a NSFW social network for creators has become a cash cow for its owner…

Tennis Legend Roger Federer Is Now A Billionaire

August 22, 2025

Sam Altman Is Going After Elon Musk’s Empire, One Company At A Time

August 18, 2025

How A Berkeley Professor Built Billion-Dollar Companies In His Lab

August 10, 2025
Our Picks

South African comic book fans gather at Comic-Con Africa in Johannesburg

August 30, 2025

Thousands of redheads celebrate their strands at Dutch festival

August 30, 2025

Saturday’s Powerball drawing worth $1 billion

August 29, 2025

Pollution, development and climate change threaten Florida’s freshwater springs

August 29, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to World-Forbes.com
At World-Forbes.com, we bring you the latest insights, trends, and analysis across various industries, empowering our readers with valuable knowledge. Our platform is dedicated to covering a wide range of topics, including sports, small business, business, technology, AI, cybersecurity, and lifestyle.

Our Picks

After Klarna, Zoom’s CEO also uses an AI avatar on quarterly call

May 23, 2025

Anthropic CEO claims AI models hallucinate less than humans

May 22, 2025

Anthropic’s latest flagship AI sure seems to love using the ‘cyclone’ emoji

May 22, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Facebook X (Twitter) Instagram Pinterest
  • Home
  • About Us
  • Advertise With Us
  • Contact Us
  • DMCA Policy
  • Privacy Policy
  • Terms & Conditions
© 2025 world-forbes. Designed by world-forbes.

Type above and press Enter to search. Press Esc to cancel.