Particle.news

ClickFix Malware Exploits Trusted Sites to Fuel New Infection Waves

Guardio Labs warns that new ClickFix strains exploit trusted domains to serve deceptive verification prompts

Overview

  • Guardio Labs reports that ClickFix has become one of the most widespread and dangerous browser-based threats worldwide.
  • Attackers abuse Google Scripts and other reputable hosts to deliver fake CAPTCHA and technical error messages mimicking legitimate services.
  • Deceived users are instructed to paste covert scripts into Windows Run dialogs or macOS Terminal, triggering installs of stealers, remote access trojans, and loaders.
  • The campaign spreads through phishing emails, malvertising, drive-by downloads, and SEO poisoning to funnel victims to malicious pages.
  • Both cybercriminal syndicates and state-sponsored groups have deployed ClickFix in mass drive-by and targeted spear-phishing operations, contributing to what Guardio Labs dubs “CAPTCHAgeddon.”