Skip to content
The Nexus
DossierENTITY

ClickFix

Coverage of ClickFix in the Nexus archive.

Earliest in view: Apr 8 · 18:55 UTCMost recent: Jul 2 · 10:57 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 2 · 10:57 UTCENGADGET
    Opera's new security feature stops copy paste attacks from malicious websites

    Opera has introduced a new security feature to protect against malicious 'ClickFix' clipboard attacks. This feature is designed to prevent copy-paste attacks from harmful websites.

  • SECURITYJul 1 · 05:32 UTCTHE HACKER NEWS
    Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

    A researcher analyzed 3,000 Live ClickFix payloads, revealing API-driven servers distribute malware through disguised commands on fake 'prove you're human' pages. A new delivery method was identified to bypass Windows' script scanning.

  • SECURITYJun 25 · 08:54 UTCTHE HACKER NEWS
    New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

    A new backdoor named Mistic (MLTBackdoor) has been used in financially motivated attacks targeting organizations in insurance, education, IT, and professional services since April 2026. Symantec and Carbon Black's Threat Hunter Team linked it to an initial access broker named KongTuke and campaigns called ClickFix and ModeloRAT.

  • SECURITYJun 22 · 09:56 UTCTHE REGISTER
    Gizmodo readers hit with ClickFix malware prompts after account compromise

    Gizmodo confirmed a security incident where a compromised account injected a malicious script, briefly displaying ClickFix malware prompts on its site. The attack, linked to ErrTraffic's ClickFix-as-a-service, targeted users with OS-specific payloads, including NetSupport RAT for Windows and a broken macOS version. Gizmodo resolved the issue by removing the script and securing the account.

  • SECURITYJun 3 · 19:10 UTCDARK READING
    Cyber Insurance Rates Are Dropping, but Exclusions Widen

    Cyber insurance rates are decreasing, but policy exclusions are expanding. Some policies now exclude coverage for social engineering attacks such as ClickFix.

  • SECURITYJun 2 · 20:11 UTCDARK READING
    DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

    DriveSurge, a malicious traffic distribution system, is hijacking thousands of websites to redirect users to malware-delivering sites through attacks named ClickFix and FakeUpdate. The operation uses a traffic distribution system (TDS) to compromise trusted websites.

  • SECURITYJun 1 · 22:14 UTCBLEEPING COMPUTER
    Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

    Hackers using the alias DriveSurge have launched large-scale malware distribution campaigns through compromised websites, employing techniques called ClickFix and FakeUpdates. The attacks involve hijacking thousands of sites to spread malicious software.

  • SECURITYMay 24 · 14:12 UTCBLEEPING COMPUTER
    Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

    A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code, enabling ClickFix attack flows. The flaw allows attackers to execute arbitrary SQL commands and compromise affected websites.

  • SECURITYMay 23 · 00:34 UTCHACKER NEWS
    FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack

    The FBI director's apparel website, Based Apparel, has been identified as hosting a 'ClickFix' malware attack, attempting to trick visitors into installing malicious software. The article highlights security concerns linked to the site, with 35 points and 9 comments on Hacker News.

  • SECURITYMay 7 · 18:00 UTCBLEEPING COMPUTER
    Australia warns of ClickFix attacks pushing Vidar Stealer malware

    The Australian Cyber Security Center warns of an ongoing malware campaign using ClickFix to distribute Vidar Stealer info-stealing malware. The campaign targets organizations and aims to steal sensitive information. The warning highlights the importance of cybersecurity measures.

  • SECURITYApr 24 · 13:00 UTCDARK READING
    North Korea's Lazarus Targets macOS Users via ClickFix

    North Korea's Lazarus hacking group is exploiting the ClickFix vulnerability to target macOS users, particularly Mac-centric organizations and high-value leaders, for initial access and data theft. The attack highlights ongoing cyber threats leveraging known vulnerabilities against specific platforms and targets.

  • SECURITYApr 22 · 14:20 UTCCOINTELEGRAPH
    Lazarus-linked macOS malware hits crypto and fintech firms

    Security researchers have linked a new macOS malware called 'Mach-O Man' to a Lazarus cyber campaign. The malware uses fake meeting invites and ClickFix prompts to steal credentials and access systems in crypto and fintech firms.

  • SECURITYApr 21 · 15:50 UTCTHE REGISTER
    macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

    A macOS ClickFix campaign uses AppleScript-based infostealers to steal credentials and session cookies from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. The attack targets macOS users, harvesting sensitive data including browser sessions and cryptocurrency information.

  • SECURITYApr 16 · 19:42 UTCDARK READING
    North Korea Uses ClickFix to Target macOS Users' Data

    North Korea's hacking group Sapphire Sleet is using fake job offers and fraudulent Zoom update schemes to deploy the ClickFix malware, targeting macOS users to steal credentials and sensitive data. The attacks exploit social engineering tactics to compromise Mac systems.

  • SECURITYApr 8 · 18:55 UTCBLEEPING COMPUTER
    New macOS stealer campaign uses Script Editor in ClickFix attack

    A new macOS stealer campaign delivers the Atomic Stealer malware using a modified ClickFix attack that exploits the Script Editor tool. The attack tricks users into executing Terminal commands, highlighting vulnerabilities in macOS security practices.

ClickFix · Dossier · The Nexus