Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves. A new twist on the long-running ...
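As endpoint detection and response (EDR) technology and antivirus software have matured, the room for traditional malware that relies on dropping and executing executable files (.exe, .dll) on disk has been squeezed sharply. Attackers are forced to keep evolving their tactics, techniques, and procedures (TTPs) and to look for stealthier routes of intrusion. Against this backdrop, "fileless attacks" have gradually become a mainstream trend. Their core characteristic is that they leave no obvious malicious file on disk and instead use legitimate administration tools that ship with the operating system (such as PowerShell, WMI, PsExec, etc.) in memory to ...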
Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
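PANews, March 3: According to Cointelegraph, hackers are using the "ClickFix" attack technique to steal cryptocurrency, and the two latest attacks involve impersonating venture capital firms and hijacking a browser extension. Cybersecurity firm Moonlock ...
Recently, crypto hackers have adopted two new methods in ClickFix attacks, putting cybersecurity experts on alert. According to the latest reports from MoonlockLab and AnnexSecurity, these hackers impersonate venture capital (VC) firms, contact targets through LinkedIn, and, under the pretext of "partnership discussions", lure users to fake Zoom or Google Meet pages. On these pages, the hackers use a fake Cloudflare verification to trick victims into copying a malicious command and running it in a terminal, which carries out the attack.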
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
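Threat actors have recently escalated a new social engineering campaign known as "ClickFix". By planting fake CAPTCHA pop-ups in compromised or cloned websites, the attackers trick users into triggering malware through clipboard injection and abuse of the Windows Run dialog. SentinelOne's latest report reveals that over the past year this deceptive technique ...
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to trick users into running malicious commands under the pretext of installing legitimate ...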
In ClickFix attacks, victims are supposed to execute commands themselves to infect their systems. One campaign relies on Windows Terminal.
Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.
A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
Crypto hackers are expanding their ClickFix attacks using fake VC firms and a hijacked Chrome extension to steal wallet data and credentials.