ClickFix Attack.

A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders. サイバーセキュリティの 攻撃と脅威 カテゴリに属します。

A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders.

ClickFix is a social-engineering pattern that exploded in 2024 and remained one of the most common initial-access vectors in 2025–2026 stealer campaigns. The victim lands on a compromised or attacker-controlled page that mimics a CAPTCHA challenge, a Microsoft/Cloudflare verification prompt, or a 'fix the document loading error' dialog. The page silently writes a long, obfuscated PowerShell or `mshta` command to the clipboard and asks the victim to press Win+R, paste, and press Enter to 'complete verification' or 'apply the fix'. Because the user types the command themselves, no exploit, macro, or signed payload is required — endpoint controls relying on browser exploitation or office-macro telemetry miss it entirely. Documented payloads include Lumma Stealer, DarkGate, Vidar, Atomic Stealer (macOS variants), AsyncRAT, and SocGholish loaders. Defenses combine user training on never pasting commands into Run, attack-surface reduction rules blocking PowerShell/mshta launched from Explorer, and EDR telemetry on suspicious clipboard-sourced PowerShell.

ClickFix Attack に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Paste-and-run lure, Fake CAPTCHA attack。