Recent Alerts & News

Stay informed about the latest campaigns and variations of the ClickFix scam observed in the wild.

Feb 2026

New 'CrashFix' Variant Deploys Python RATs

Microsoft Security reports a new specific variant called 'CrashFix' that tricks users into installing a Python-based Remote Access Trojan.

Source: Microsoft Security Read Article →
Dec 2025

ConsentFix: Abusing OAuth for Account Takeover

Push Security details 'ConsentFix', a variant targeting Microsoft 365 OAuth flows to bypass MFA without stealing passwords.

Source: Push Security Read Article →
Nov 2025

The Most Advanced ClickFix Yet

Push Security analyzes highly sophisticated ClickFix lures including fake Google Meet pages that look identical to the real thing.

Source: Push Security Read Article →
Aug 2025

Think Before You ClickFix

Microsoft Threat Intelligence analyzes the rapid flooding of the threat landscape with ClickFix social engineering techniques.

Source: Microsoft Read Article →
Aug 2025

Phishing URLs Quadruple in One Year

Proofpoint's specific report 'The Human Factor 2025 Vol. 2' highlights a 400% increase in malicious links associated with ClickFix.

Source: Proofpoint Read Article →
July 2025

FileFix: The New Explorer-Based Attack

Check Point Research uncovers 'FileFix', a social engineering attack building on ClickFix that exploits the Windows File Explorer address bar.

Source: Check Point Research Read Article →
June 2025

ClickFix Attacks Surge by 517% in H1 2025

ESET's H1 2025 Threat Report details a massive increase in ClickFix detections, identifying it as a top tier threat vector.

Source: ESET Read Article →
Jan 2025

Lumma Stealer Distributed via Fake CAPTCHAs

Attackers are using fake verification pages to trick users into running PowerShell commands that install the Lumma Stealer infostealer.

Source: The Hacker News Read Article →
Nov 2024

ClickFix Floods Threat Landscape

Proofpoint Security Brief on how the ClickFix social engineering technique is dominating the threat landscape.

Source: Proofpoint Read Article →
Oct 2024

HHS Sector Alert: ClickFix Attacks

The U.S. Health and Human Services issues a sector alert regarding the rising threat of ClickFix attacks against healthcare organizations.

Source: HHS.gov Read Article →
May 2024

Microsoft Warns of Quick Assist Abuse (Storm-1811)

Microsoft detects Storm-1811 using 'vishing' and Quick Assist tool abuse to deploy Black Basta ransomware—a key precursor to modern ClickFix tactics.

Source: Microsoft Read Article →