ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Social engineering manipulates people into revealing access or approving actions, causing compromise; verify requests and enforce least privilege.
Search across headline titles and summaries.
Background for this topic.
Social engineering is the deliberate manipulation of people into disclosing information, bypassing a control, or performing an action for an attacker. It commonly uses phishing, voice or text messages, impersonation, pretexting, and physical access attempts. In a threat model, the attacker targets trust, urgency, authority, or helpfulness rather than exploiting software directly. Successful deception can expose credentials or personal data, authorize fraudulent payments, enable malware delivery, or provide an initial foothold for account or network compromise.
Effective defenses make sensitive requests independently verifiable and limit the damage of a mistake. Use phishing-resistant multi-factor authentication where practical, least-privilege access, and approval or call-back procedures for payments, password resets, and changes to account or banking details. Staff should have a simple way to report suspected messages without penalty; security teams can then investigate related accounts, messages, and login activity, revoke exposed credentials, and contain follow-on access. Awareness training helps people recognize pretexts, but should reinforce these technical and procedural controls rather than rely on vigilance alone.
Weekly headline count for the current query.
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Bayer’s security awareness training now focuses on psychological approaches rather than technical methods for detecting social engineering
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
Multi-stage malware campaign targets hospitality organizations using social engineering and abuse of MSBuild.exe
A new malware campaign has been identified using a Python-based delivery system to deploy CastleLoader malware
BitSight research has revealed how threat actors exploit calendar subscriptions to deliver phishing links, malware and social engineering attacks through hijacked domains
A major US real estate firm has been targeted with an advanced intrusion attempt using Tuoni C2, combining social engineering, steganography and in-memory attacks
Only one in ten IT and cybersecurity professionals feels “very prepared” to manage generative AI risks
An attack on a US accounting firm delivered PureRAT via Ghost Crypt, involving social engineering and advanced obfuscation techniques
The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research
Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits
Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC
ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering
Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware
Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack
Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer
US law enforcement is tracking aggressive social engineering attacks against cryptocurrency operations
The OneDrive campaign uses social engineering to trick users into executing a PowerShell script