Tag

Clickfix

All articles tagged with #clickfix

Ghost CMS flaw spawns 700-site ClickFix loader campaign
technology · 11 hours ago

Threat actors exploited Ghost CMS CVE-2026-26980, a critical Content API SQL injection, to steal Admin API keys and inject malicious JavaScript across 700+ sites, enabling two-stage payload delivery for ClickFix-style fake CAPTCHA attacks; a patch (Ghost 6.19.1) was released in February 2026, and victims span universities, blockchain, SaaS, media, and finance. Remediation: upgrade, rotate credentials, audit access logs, and alert users who visited affected sites.

Global Ghost CMS flaw exploited to steal admin keys and push ClickFix scam
security · 1 day ago

A widespread campaign abused a critical Ghost CMS SQL injection (CVE-2026-26980) affecting versions 3.24.0–6.19.0 to read database data and steal admin API keys, then injected malicious JavaScript into articles. The loader fetches a second-stage payload that triggers a fake Cloudflare prompt and a ClickFix lure, leading victims to a Windows command prompt instruction and subsequent malware downloads. High-profile targets (Harvard, Oxford, Auburn, DuckDuckGo) were affected. Ghost released fix 6.19.1 on Feb 19, but many sites have not updated. Action items: upgrade to 6.19.1+, rotate all exposed keys, and review up to 30 days of admin API call logs to identify IoCs and remove injected scripts.

Kash Patel’s Based Apparel Site Used as Mac Malware Lure with Fake Cloudflare Page
technology · 4 days ago

Security researchers flag BasedApparel.com, Kash Patel’s apparel site, for hosting a ClickFix-style scam that shows a fake Cloudflare warning on macOS and instructs users to copy-paste a Terminal command. The copied text decodes to a hidden shell script that downloads malware capable of stealing browser credentials and crypto-wallet data, exfiltrating it to a hacker-controlled domain. The attack highlights how compromised legitimate sites can deliver infostealers via scareware, and Apple has added protections in macOS 26.4 against pasted Terminal commands; Based Apparel did not comment.

MacSync Infostealer Lures Mac Users Through ClickFix Social-Engineering Campaigns
technology · 2 months ago

Three ClickFix campaigns have been found delivering the macOS infostealer MacSync by tricking users into pasting Terminal commands to download and run a shell script that fetches the payload and exfiltrates credentials, keychains, and seed phrases. The campaigns (Nov 2025 using OpenAI Atlas bait via Google ads; Dec 2025 via ChatGPT-related pages; Feb 2026 with a new variant) rely on social-engineering lures, malvertising, and trusted platforms to disguise malicious commands and payloads, with in-memory AppleScript execution to evade detection. Defenders are urged to patch hosting platforms (e.g., WordPress), monitor for ClickFix/trojan lures, and maintain zero-trust principles as attackers adapt tactics.

DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks
technology · 3 months ago

A new ClickFix variant uses a DNS-based delivery channel: victims are prompted to run nslookup in the Run dialog, querying an attacker-controlled DNS server. The DNS response contains a PowerShell payload that, when executed, downloads a ZIP with a Python runtime and malware scripts, establishes persistence, and installs ModeloRAT. This marks the first known use of DNS for staging and delivering ClickFix payloads, enabling on-the-fly payload updates and blending with normal DNS traffic instead of relying on HTTP.

ClickFix Threat Evolves, Signaling New Wave of Malicious Copy-and-Paste Attacks
security · 6 months ago

ClickFix is a sophisticated scam campaign targeting Windows and macOS users by exploiting trust in online travel bookings and using social engineering tactics, such as fake CAPTCHA prompts and device-adaptive payloads, to infect devices with malware like PureRAT. The attacks leverage native OS capabilities and often bypass security tools, making awareness and cautious behavior the best defenses, especially during holiday gatherings when family members may be less vigilant.

FileFix and ClickFix Attacks Surge in 2025, ESET Reports
cybersecurity · 11 months ago

The article discusses a 517% rise in ClickFix social engineering attacks using fake CAPTCHA verifications, leading to various malware infections, and introduces a new method called FileFix that tricks users into executing malicious commands via file paths. It also highlights recent phishing campaigns exploiting domains, email lures, and legitimate platforms to steal personal information and control victims' devices.