The rise of ClickFix social engineering attacks, which manipulate fake CAPTCHA verifications, has led to a significant increase in malicious payload delivery worldwide. Threat actors are expanding their tactics with new methods like FileFix and deploying sophisticated phishing campaigns targeting various organizations and platforms. #ClickFix #FileFix #PhishingCampaigns
Keypoints
- ClickFix attacks increased by 517% between late 2024 and early 2025, using fake CAPTCHA checks to deceive victims.
- Threat actors are deploying a variety of malware, including infostealers, ransomware, trojans, and cryptominers through ClickFix campaigns.
- FileFix is a new attack technique that tricks users into executing malicious PowerShell commands via manipulated file paths.
- Recent phishing campaigns exploit .gov domains, long-lived domains, and legitimate platforms like SharePoint to steal personal and corporate data.
- Use of fake alerts from U.S. DMVs and sophisticated URL tactics make these campaigns difficult to detect and block by security tools.
Read More: https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html