Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Anthropic’s Fable 5 and Mythos 5 Are Back with New Security Guardrails

July 1, 2026

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

July 1, 2026

Veil#Drop Uses Google Blogspot to Deploy PureLog Stealer

July 1, 2026
Facebook X (Twitter) Instagram
Wednesday, July 1
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»ClickFix Now Cybercriminals’ Favorite Malware Delivery Technique
News

ClickFix Now Cybercriminals’ Favorite Malware Delivery Technique

Team-CWDBy Team-CWDJune 30, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


The ClickFix social engineering technique has become the leading means of cybercriminals delivering malware to victims.

According to analysis by researchers at ReliaQuest, which examined cyber-attacks taking place between March 1 and May 31, 2026, ClickFix dominated malware delivery.

ClickFix is a potent attack vector, because it socially engineers the victim into pasting attacker-supplied commands into trusted system dialogs.

In ClickFix-style attacks, the user enters the command, which  bypasses many anti-virus and cyber defense tools that categorize the action as legitimate.

One of the most common social engineering tricks deployed by ClickFix attacks is to use compromised websites to generate a fake CAPTCHA page which asks users to verify they are human by entering a command. This command is used to execute PowerShell code and retrieve infostealers or other malware payloads which then secretly compromise the victim.

During the reporting period,  ClickFix was deployed to deliver many forms of malware, including Deepload malware, to Windows systems.

This method observed to be deployed to deliver Atomic Stealer (AMOS) malware to macOS users for the first time. AMOS malware attacks are typically designed to steal browser credentials, session cookies, crypto wallets and keychain data.

This attack used a browser-triggered workflow to launch Script Editor, which is where the user is encouraged to enter commands. Attackers haven chosen to target Script Editor for this following an Apple update which attempted to counter ClickFix attacks by introducing a security feature that scans commands pasted into Terminal before they’re executed and warns the user that the command could be malicious.

“For enterprises, macOS must no longer be treated as lower risk and now needs the same monitoring and response coverage as Windows,” the ReliaQuest report warned.

To help counter the threat of ClickFix attacks, ReliaQuest recommended that organizations train users against ClickFix on Windows and macOS.

This training could involve teaching users not to paste commands into Run, Terminal, or Script Editor, as well as simulating ClickFix-style lures on both Windows and macOS during training exercises.

Meanwhile, network administrators can help prevent users from being able to fall victim to ClickFix attacks by restricting use of run dialog and clipboard, restricting execution of potentially malicious executables and blocking access to potentially malicious adverts and websites.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleWhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Next Article Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
Team-CWD
  • Website

Related Posts

News

Anthropic’s Fable 5 and Mythos 5 Are Back with New Security Guardrails

July 1, 2026
News

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

July 1, 2026
News

Veil#Drop Uses Google Blogspot to Deploy PureLog Stealer

July 1, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Can password managers get hacked? Here’s what to know

November 14, 2025

What to consider before asking an AI chatbot for health advice

May 27, 2026

A stealthy RAT burrowing deep into Android devices

May 26, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.