Fix the Click: Preventing the ClickFix Attack Vector
WHITE AlienVault 2025-07-10 Modified: 2025-08-09
This article discusses the rising threat of ClickFix, a social engineering technique used by threat actors to trick victims into executing malicious commands under the guise of quick fixes for computer issues. The technique has been observed in campaigns distributing various malware, including NetSupport RAT, Latrodectus, and Lumma Stealer. ClickFix lures often use clipboard hijacking and can bypass standard detection controls. The article provides case studies of recent campaigns, hunting tips for detecting ClickFix infections, and recommendations for proactive defense measures. It emphasizes the importance of user education and implementing robust security controls to mitigate this evolving threat.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
NetSupport RAT, Latrodectus, Lumma Stealer
Indicators of Compromise (85)