Caught in the CAPTCHA: How ClickFix is Weaponizing Verification Fatigue to Deliver RATs & Infostealers
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Threat actors are exploiting user fatigue with anti-spam mechanisms through a technique called ClickFix. This method involves compromising websites and embedding fraudulent CAPTCHA images, which, when solved by unsuspecting users, lead to the execution of malicious code. The attack chain typically includes PowerShell commands and the use of legitimate Windows tools to download and execute additional payloads. Common malware delivered through this technique includes Lumma Stealer, NetSupport RAT, and SectopRAT. The success of ClickFix relies heavily on social engineering and user interaction, making user education and awareness crucial in mitigating these attacks. Recommendations include training users to recognize suspicious requests, restricting PowerShell execution, and deploying advanced EDR solutions.
OPENCTI LABELS:
powershell, rat, social engineering, lumma, infostealer, netsupport rat, sectoprat, captcha, clipboard injection