Cybersecurity researchers have identified multiple ClickFix campaigns deploying three new malware loaders: BabaDeda Loader, Lorem Ipsum Loader, and Potemkin. These campaigns use…
BabaDeda Loader is a malware loader first documented by Morphisec in November 2021. It uses ClickFix social engineering to deliver payloads like…
Lorem Ipsum Loader is a nascent loader and backdoor active since February 2026. It is delivered through ClickFix lures on compromised WordPress…
Morphisec is a cybersecurity company that first documented BabaDeda Loader in November 2021. They reported on the evolution of the loader framework,…
BlueVoyant is a cybersecurity company that analyzed the Lorem Ipsum Loader campaign, noting the use of compromised WordPress sites and ClickFix lures.…
EtherRAT is a remote access trojan (RAT) delivered via the Potemkin loader in ClickFix campaigns. It is used alongside RMMProject for credential…
RMMProject is a Lua-scriptable DLL that enables remote screen control and browser credential theft by bypassing Chromium's App-Bound Encryption. It includes modules…
Phexia Stealer is a macOS infostealer delivered via ClickFix campaigns targeting macOS users with fraudulent bot verification screens.
HellsUchecker is a backdoor delivered via EtherHiding and ClickFix campaigns, capable of executing files retrieved from C2 and reporting results back.
Huntress is a cybersecurity company that detected the Potemkin loader campaign, which uses ClickFix to deliver EtherRAT and RMMProject. They highlighted the…