Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware

The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, leveraging fake CAPTCHA verification processes to deceive users into executing malicious commands. The ClickFix technique involves guiding users through a series of seemingly harmless keystrokes that ultimately lead to the installation of malware, including infostealers, ransomware, and banking trojans like Qakbot. This includes using encrypted files and dynamically generated URLs, making it difficult for security solutions to blacklist or detect malicious activity effectively. Attackers using the ClickFix technique often employ obfuscation methods to conceal the true nature of the malicious payload. According to DarkAtlas, this technique preys on human behavior, exploiting trust in common online interactions to deploy malicious payloads without raising suspicion. The ClickFix attack begins with a deceptive pop-up on a compromised or malicious website, mimicking a standard bot verification message. These steps involve pressing the Windows Key + R to open the Run dialog box, followed by pressing CTRL + V to paste preloaded malicious code from the website’s virtual clipboard into the Run prompt. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Currently, efforts are underway to disrupt the malware delivery infrastructure by taking down associated domains and removing malicious content. For instance, attackers can create an unlimited number of unique URLs for malware distribution, complicating efforts to trace and analyze the threat.

This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 30 Mar 2025 16:00:13 +0000


Cyber News related to Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
Unraveling CAPTCHA: A Comprehensive Insight Into Its History, Applications, and Efficiency - History of CAPTCHA. The inception of CAPTCHA dates back to the late 1990s when researchers at Carnegie Mellon University led by Luis von Ahn, Manuel Blum, and others, sought a solution to prevent automated bots from infiltrating online platforms. In ...
1 year ago Feeds.dzone.com Inception
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
2 months ago Cybersecuritynews.com
State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
1 month ago Cybersecuritynews.com Kimsuky MuddyWater
Interlock ransomware gang pushes fake IT tools in ClickFix attacks - The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. Though this isn't the first time ClickFix has been linked to ransomware infections, ...
1 month ago Bleepingcomputer.com
iClicker hack targeted students with malware via fake CAPTCHA - The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. According to a security alert from the ...
2 weeks ago Bleepingcomputer.com
ClickFix Captcha - A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows - This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements to bypass traditional security measures and deliver malicious payloads to Windows systems. The researchers noted the commands typically invoke PowerShell ...
2 months ago Cybersecuritynews.com
Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection - In the digital realm, CAPTCHA has long been viewed as a necessary annoyance, a tool employed to thwart automated bots and ensure that real human users can successfully interact with websites. A paradigm shift is underway in how we perceive CAPTCHA. ...
1 year ago Securityboulevard.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
ClickFix attack delivers infostealers, RATs in fake Booking.com emails - Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. In the phishing campaign discovered by ...
2 months ago Bleepingcomputer.com
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands - Cyber Security News - The LUMMAC.V2 campaign represents a significant threat not only due to its extensive data theft capabilities but also because it exploits human behavior rather than technical vulnerabilities, making traditional security measures less effective at ...
3 weeks ago Cybersecuritynews.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
1 year ago Bleepingcomputer.com Inc ransom Qilin Mallox Black Basta
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
7 months ago Securelist.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device - The attack specifically targets users of booking websites by presenting fake booking confirmation pages that require CAPTCHA verification to view document details. The Infection Chain Flow shows how the attack progresses from the initial visit to a ...
2 months ago Cybersecuritynews.com
State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
1 month ago Bleepingcomputer.com APT28 Kimsuky MuddyWater
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint - A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. Threat actors have also begun to evolve the ...
2 months ago Bleepingcomputer.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape