One Click(Fix) To Rule Them All, One Click(Fix) To Find Them

Almost a year after my last ClickFix post, ClickFix continues to be all the rage and remains a technique of choice for initial access among many threat actors. ClickFix has since evolved from solving CAPTCHA and error prompts to impersonating documentation for products such as Claude Code, Mac storage cleaning guides, and malicious instructions via Medium blogs, among many other lures. This post will look at how a single ClickFix domain can be used to help discover many others....

April 19, 2026 · 2 min

A Game Of Probabilities | Discovering ClickFix Infrastructure

What is ClickFix? ClickFix is a social engineering technique that actors have increasingly used in the past few months. The technique relies on fooling users into running PowerShell or Terminal commands on their computers through the use of fake error dialogue boxes. This post will look at how the domains involved in a ClickFix script can be latched onto to discover additional infrastructure. The ClickFix script in this case was used to download the SectopRAT malware; you can read more about the malware itself on my friend Chris’s blog here....

March 23, 2025 · 3 min