ClickFix attack uses fake Windows BSOD screens to push malware

Related breach coverage

• Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
  2026-03-06

  Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows […]

• Amnesia RAT deployed in multi-stage phishing attacks against Russian users
  2026-01-27

  A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social engineering lures to distract victims while malware runs in the background. It escalates to full […]

• ClickFix attack uses fake Windows Update screen to push malware
  2025-11-24

  New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. [...]

• From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
  2026-03-17

  ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and […]