Fix the Click: Preventing the ClickFix Attack Vector unit42.paloaltonetworks.com/preventin…

In this article, we share hunting tips and mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns we have seen so far in 2025:

• Attackers distributing NetSupport remote access Trojan (RAT) are ramping up activities with a new loader
• Attackers distributing Latrodectus malware are luring victims with a new ClickFix campaign
• Prolific Lumma Stealer campaign targeting multiple industries with new techniques

ClickFix is an increasingly popular technique that threat actors use in social engineering lures. This technique tricks potential victims into executing malicious commands, under the pretense of conducting “quick fixes” for common computer issues.