ClickFix Attack.

A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders. Cette notion relève de la catégorie Attaques et menaces en cybersécurité.

A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders.

ClickFix is a social-engineering pattern that exploded in 2024 and remained one of the most common initial-access vectors in 2025–2026 stealer campaigns. The victim lands on a compromised or attacker-controlled page that mimics a CAPTCHA challenge, a Microsoft/Cloudflare verification prompt, or a 'fix the document loading error' dialog. The page silently writes a long, obfuscated PowerShell or `mshta` command to the clipboard and asks the victim to press Win+R, paste, and press Enter to 'complete verification' or 'apply the fix'. Because the user types the command themselves, no exploit, macro, or signed payload is required — endpoint controls relying on browser exploitation or office-macro telemetry miss it entirely. Documented payloads include Lumma Stealer, DarkGate, Vidar, Atomic Stealer (macOS variants), AsyncRAT, and SocGholish loaders. Defenses combine user training on never pasting commands into Run, attack-surface reduction rules blocking PowerShell/mshta launched from Explorer, and EDR telemetry on suspicious clipboard-sourced PowerShell.

Les défenses contre ClickFix Attack combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : Paste-and-run lure, Fake CAPTCHA attack.