CyberSecurityBoard
Sponsor Register Login

ClickFix Captcha - A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows

This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements to bypass traditional security measures and deliver malicious payloads to Windows systems. The researchers noted the commands typically invoke PowerShell to download and execute additional malicious code while displaying deceptive “Verification complete” messages to maintain the illusion of legitimacy. What makes ClickFix particularly dangerous is the attackers’ implementation of rewrite rules and PHP-based proxies on compromised servers, allowing them to generate unlimited unique URLs for malware distribution while concealing the actual origin of the malicious content. Unlike traditional captchas that require users to identify objects or type text, ClickFix captchas instruct users to perform specific actions on their computers, such as pressing Windows key + R, claiming this will verify they aren’t bots. Dark Atlas researchers detected that when users follow these instructions, they unwittingly execute malicious commands that have been preloaded into their clipboard. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. When users press Windows key + R after interacting with the captcha, they open the Run dialog, and the malicious command in their clipboard is automatically inserted. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. One captured example showed commands to retrieve “flswunwa.zip” and extract its contents, which would then establish persistence and potentially exfiltrate sensitive data.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 29 Mar 2025 09:20:05 +0000


Cyber News related to ClickFix Captcha - A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
5 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
4 months ago Cybersecuritynews.com
Unraveling CAPTCHA: A Comprehensive Insight Into Its History, Applications, and Efficiency - History of CAPTCHA. The inception of CAPTCHA dates back to the late 1990s when researchers at Carnegie Mellon University led by Luis von Ahn, Manuel Blum, and others, sought a solution to prevent automated bots from infiltrating online platforms. In ...
1 year ago Feeds.dzone.com Inception
ClickFix Attack Emerges by Over 500% - Hackers Actively Using This Technique to Trick Users - The attack presents victims with fake error messages or verification prompts that appear legitimate, instructing them to copy and paste seemingly harmless commands to resolve fictitious technical issues. Unlike traditional attack methods, ClickFix ...
1 month ago Cybersecuritynews.com Kimsuky Lazarus Group MuddyWater APT3
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
4 months ago Cybersecuritynews.com
ClickFix Captcha - A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows - This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements to bypass traditional security measures and deliver malicious payloads to Windows systems. The researchers noted the commands typically invoke PowerShell ...
4 months ago Cybersecuritynews.com
Interlock ransomware gang pushes fake IT tools in ClickFix attacks - The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. Though this isn't the first time ClickFix has been linked to ransomware infections, ...
3 months ago Bleepingcomputer.com
State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
3 months ago Cybersecuritynews.com Kimsuky MuddyWater
iClicker hack targeted students with malware via fake CAPTCHA - The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. According to a security alert from the ...
2 months ago Bleepingcomputer.com
Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds - Coined initially as “ClickFix” because the social engineering prompts were telling the user they ought to “fix” a problem with their browser and required the user to click an element, this term is now ascribed to any similar ...
1 week ago Bleepingcomputer.com
Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection - In the digital realm, CAPTCHA has long been viewed as a necessary annoyance, a tool employed to thwart automated bots and ensure that real human users can successfully interact with websites. A paradigm shift is underway in how we perceive CAPTCHA. ...
1 year ago Securityboulevard.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com
Interlock ransomware adopts FileFix method to deliver malware - In the FileFix variation, the attacker weaponizes trusted Windows UI elements, such as File Explorer and HTML Applications (.HTA), to trick users into executing malicious PowerShell or JavaScript code without displaying any security warnings. This ...
3 weeks ago Bleepingcomputer.com
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - Cyber Security News - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
1 month ago Cybersecuritynews.com Kimsuky
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands - Cyber Security News - The LUMMAC.V2 campaign represents a significant threat not only due to its extensive data theft capabilities but also because it exploits human behavior rather than technical vulnerabilities, making traditional security measures less effective at ...
3 months ago Cybersecuritynews.com
ClickFix attack delivers infostealers, RATs in fake Booking.com emails - Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. In the phishing campaign discovered by ...
4 months ago Bleepingcomputer.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device - The attack specifically targets users of booking websites by presenting fake booking confirmation pages that require CAPTCHA verification to view document details. The Infection Chain Flow shows how the attack progresses from the initial visit to a ...
5 months ago Cybersecuritynews.com
Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
5 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)