Hackread.com⚠️ New #ClickFix malware campaign is tricking users with a fake browser “fix” prompt that leads to #DarkGate being installed via clipboard PowerShell commands. 📋
Read: https://hackread.com/clickfix-attack-fake-browser-install-darkgate-malware/
ESET Research#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch
ClickFix lures users by displaying bogus error messages followed by quick fix instructions, including copy-pasting malicious code. Running the code in the victim’s command line interpreter delivers malware such as #RATs, infostealers, and cryptominers.
Between H2 2024 and H1 2025, ESET’s detection for ClickFix, HTML/FakeCaptcha, skyrocketed by 517%. Most detections in ESET telemetry were reported from Japan (23%), Peru (6%), and Poland, Spain, and Slovakia (>5% each).
What makes #ClickFix so effective? The fake error message looks convincing; instructions are simple, yet the copied command is too technical for most users to understand. Pasting it into cmd leads to compromise with final payloads, including #DarkGate or #LummaStealer.
While #ClickFix was introduced by cybercriminals, it’s since been adopted by APT groups: Kimsuky, Lazarus; Callisto, Sednit; MuddyWater; APT36. NK-aligned actors used it to target developers, steal crypto and passwords from Metamask and #macOS Keychain.
#ClickFix uses psychological manipulation by presenting fake issues and offering quick solutions, which makes it dangerously efficient. It appears in many forms – error popups, email attachments, fake reCAPTCHAs – highlighting the need for greater vigilance online.
Read more in the #ESETThreatReport:
🔗 https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
ClickFix lures users by displaying bogus error messages followed by quick fix instructions, including copy-pasting malicious code. Running the code in the victim’s command line interpreter delivers malware such as #RATs, infostealers, and cryptominers.
Between H2 2024 and H1 2025, ESET’s detection for ClickFix, HTML/FakeCaptcha, skyrocketed by 517%. Most detections in ESET telemetry were reported from Japan (23%), Peru (6%), and Poland, Spain, and Slovakia (>5% each).
What makes #ClickFix so effective? The fake error message looks convincing; instructions are simple, yet the copied command is too technical for most users to understand. Pasting it into cmd leads to compromise with final payloads, including #DarkGate or #LummaStealer.
While #ClickFix was introduced by cybercriminals, it’s since been adopted by APT groups: Kimsuky, Lazarus; Callisto, Sednit; MuddyWater; APT36. NK-aligned actors used it to target developers, steal crypto and passwords from Metamask and #macOS Keychain.
#ClickFix uses psychological manipulation by presenting fake issues and offering quick solutions, which makes it dangerously efficient. It appears in many forms – error popups, email attachments, fake reCAPTCHAs – highlighting the need for greater vigilance online.
Read more in the #ESETThreatReport:
🔗 https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
Tech Cybersecurity NieuwsCybercriminelen misbruiken microsoft teams en anydesk voor malware-aanvallen https://www.trendingtech.news/trending-news/2024/12/50246/cybercriminelen-misbruiken-microsoft-teams-en-anydesk-voor-malware-aanvallen #cybercriminaliteit #Microsoft Teams #AnyDesk #DarkGate malware #beveiligingsmaatregelen #Trending #News #Nieuws
RedPacket SecurityDarkGate Malware Distributed Through Microsoft Teams Vishing Attack - https://www.redpacketsecurity.com/attacker-distributes-darkgate-using-ms-teams-vishing-technique/
Kyle 🕵️♂️💻Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
SOC PrimeA new malicious campaign uses impersonation via Microsoft Teams voice phishing (vishing), tricking the victims into downloading AnyDesk for remote access and deploying #DarkGate malware.
Tarnkappe.info📬 Keylogger versteckte sich in Erweiterung von Pidgin
#Cyberangriffe #Darkgate #Eset #Jabber #Keylogger #Pidgin https://sc.tarnkappe.info/b4019a
#Cyberangriffe #Darkgate #Eset #Jabber #Keylogger #Pidgin https://sc.tarnkappe.info/b4019a
Jennifer Morency 
#Malware infiltrates #Pidgin messenger’s official plugin repository https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/ I used to use Pidgin to communicate with friends on AIM and similar messenger apps. The malicious plugin was offered only as a binary, not open source code. Worryingly, it had valid signatures, and so did the malware it downloaded. #DarkGate #Jabber #messenger
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks.
Hacker NewsMalware infiltrates Pidgin messenger's official plugin repository
https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #DarkGate #Messenger #Pidgin #Plugin #Supply_Chain #Supply_Chain_Attack #virus_removal #malware_removal #computer_help #technical_support
https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #DarkGate #Messenger #Pidgin #Plugin #Supply_Chain #Supply_Chain_Attack #virus_removal #malware_removal #computer_help #technical_support
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks.
The Threat CodexDarkGate: Dancing the Samba With Alluring Excel Files
#DarkGate
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/
#DarkGate
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/
