ClickFix vs. traditional download in new DarkGate campaign | Malwarebytes

A recent malvertising campaign targeting the Notion brand employed two delivery methods for the DarkGate malware loader: “ClickFix” and a traditional file download. The “ClickFix” method involved a fake CAPTCHA page instructing victims to execute PowerShell code, while the file download technique used a signed executable hosted on GitHub. Malwarebytes detects both payloads as Trojan.Dropper and Backdoor.DarkGate.
