ClickFix Attacks Surge with Fake Windows Update Lures

Cybersecurity researchers have identified a new campaign using ClickFix lures and fake adult websites to deceive users into running malicious commands disguised as Windows security updates. The campaign, codenamed JackFix, leverages highly convincing fake Windows update screens and uses malvertising for distribution. The attack involves a multi-stage process, including the use of mshta.exe to run a PowerShell command that retrieves additional malicious scripts. The final payloads include various information-stealing malware such as Rhadamanthys Stealer and Vidar Stealer 2.0. Organizations can defend against these attacks by training employees and disabling the Windows Run box.