Crypto hackers exploit ClickFix via fake venture capital outreach

Crypto criminals are refining social engineering tactics to bypass traditional security tools, using fake venture capital outreach to deploy a technique known as ClickFix.

Woman gets strange popup on website—"evil" scam she discovers shocks

A woman shared the "Clickfix" scheme that tried to infect her computer in a viral social-media post.

‘ClickFix’ hackers pose as VCs, hijack QuickLens in latest crypto attacks

Crypto hackers are expanding their ClickFix attacks using fake VC firms and a hijacked Chrome extension to steal wallet data ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
SecurityWeek

Microsoft Warns of ClickFix Attack Abusing DNS Lookups

Microsoft has warned users that threat actors are leveraging a new variant of the ClickFix technique to deliver malware.

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
Yahoo

State-sponsored actors spotted using ClickFix hacking tool developed by criminals

The ClickFix attack technique has gotten so popular that even state-sponsored threat actors are using it, research from Proofpoint claims, having observed at least three groups leveraging the method ...
CSO Online

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

The campaign used a compromised Telegram account, a fake Zoom meeting, and AI-assisted deception to trick victims into executing terminal commands leading to a macOS infection chain.
Dark Reading

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.