PULSE NAME
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
WHITE AlienVault 2024-11-18 Modified: 2024-12-18
26 IOCs
MEDIUM VOLUME
Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are employing ClickFix through compromised websites, documents, HTML attachments, and malicious URLs. Recent campaigns have included GitHub security vulnerability notifications, Swiss e-commerce marketplace impersonations, fake software updates, and ChatGPT-themed malvertising. The technique has been observed delivering various malware, including AsyncRAT, Danabot, DarkGate, Lumma Stealer, and NetSupport. The popularity of ClickFix is attributed to its effectiveness in bypassing security protections by exploiting users' desire to be helpful and independent.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
AsyncRAT, Danabot, DarkGate, Lumma Stealer, NetSupport, Brute Ratel C4, Latrodectus, XWorm, Lucky Volunteer
Indicators of Compromise (4 / 26 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207 2024-11-18
FileHash-SHA256 5d5b4f259ef3b3d20f6ef1a63def6dee9326efe2b7b7b7e474008aa978f1f19b 2024-11-18
FileHash-SHA256 d9ab6cfa60cc75785e31ca9b5a31dae1c33022bdb90cb382ef3ca823c627590d 2024-11-18
FileHash-SHA256 e726d3324ca8b9a8da4d317c5d749dd0ad58fd447a2eb5eee75ef14824339cd5 2024-11-18