惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
IT之家
IT之家
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News | PayPal Newsroom
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Simon Willison's Weblog
Simon Willison's Weblog
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Attack and Defense Labs
Attack and Defense Labs
C
Cyber Attacks, Cyber Crime and Cyber Security
Cisco Talos Blog
Cisco Talos Blog
C
Cybersecurity and Infrastructure Security Agency CISA
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
T
Tor Project blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
V2EX - 技术
V2EX - 技术
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Securelist
T
Tenable Blog
N
Netflix TechBlog - Medium
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
T
Troy Hunt's Blog
量子位
大猫的无限游戏
大猫的无限游戏
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
MongoDB | Blog
MongoDB | Blog
H
Heimdal Security Blog
D
Docker
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
G
Google Developers Blog
博客园 - 叶小钗
腾讯CDC
The Hacker News
The Hacker News
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Project Zero
Project Zero
Martin Fowler
Martin Fowler

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
When the user is the exploit: how ClickFix quietly became the most common way in
Ronnie Mathew · 2026-06-02 · via DEV Community

A finance employee is booking a restaurant for a team dinner. The reservation site asks her to verify she is human. She has done this a thousand times. The page tells her to press the Windows key and R, paste what is already on her clipboard, and hit Enter. She does it without thinking. There is no download, no attachment, no warning from her antivirus. The verification box disappears and the site loads normally. Nothing seems wrong.

What actually happened is that she just ran a PowerShell command that installed an information stealer on her machine. Within minutes, her browser cookies, saved passwords, and active session tokens are on their way to a server she will never see. No malware got past the email filter, because nothing arrived by email. No file triggered the endpoint agent, because she typed the command in herself.

This is ClickFix, and in the space of about eighteen months it has gone from a curiosity to the single most common way attackers gain initial access. Microsoft attributed roughly 47 percent of initial access attacks in 2025 to this one technique. That is not a niche trick anymore. It is the front door.

The uncomfortable truth is that ClickFix does not exploit a software vulnerability. It exploits the user's willingness to follow instructions, and most of our defences were never designed to stop that.

How the attack actually works

ClickFix is built around a simple deception. The attacker compromises a legitimate website or stands up a convincing fake, then replaces a routine step such as a CAPTCHA or a browser error with a fake version. The fake prompt tells the user that to prove they are human, fix a display problem, or complete verification, they need to perform a few quick steps.

Those steps are almost always the same. Press Windows and R to open the Run dialog, or open a terminal. Paste the command that has already been copied to the clipboard in the background. Press Enter. The user believes they are completing a security check. They are actually executing the attacker's code with their own hands.

The payload is usually a PowerShell command that quietly downloads and runs the real malware. Common families seen through late 2025 and into 2026 include information stealers such as LummaStealer, StealC, and Amatera, along with remote access tools like AsyncRAT and Xworm. The exact payload varies. The delivery method does not.

Variants have multiplied quickly. CrashFix dresses the lure up as a system crash dialog. FileFix abuses the File Explorer address bar instead of the Run dialog. A DNS-based version hides the command inside an nslookup query. The surface details keep changing, but every variant relies on the same thing: convincing the person to run the command themselves.

Why it slips past tools that should catch it

Most of the security stack in a typical organisation is built to inspect things that arrive. Email gateways scan attachments and links. Endpoint detection watches for malicious files being written and executed. Sandboxes detonate suspicious downloads in isolation to see what they do. ClickFix is designed to make all of that irrelevant.

There is no attachment to scan, because the lure is a web page. There is no malicious file to detect at first, because the initial action is a command the user types into a trusted system tool. Sandboxes that analyse downloaded files never get the chance, because nothing is downloaded in the way they expect. The attacker has effectively moved the point of compromise from the network to the keyboard.

This is also why CAPTCHA-gated lures have become so popular. A fake CAPTCHA does double duty. It builds trust with the user, who associates the checkbox with safety, and it blocks automated security crawlers, which cannot solve the challenge and therefore never see the malicious page behind it. Microsoft tracked CAPTCHA-gated phishing more than doubling in a single month in early 2026, reaching close to twelve million attacks in March alone.

The technique sits inside a broader pattern worth naming. The malicious action is hidden inside a workflow the user already trusts and expects to be safe. Fake tech support flows, consent phishing that abuses real sign-in screens, and QR-code device-linking scams all follow the same logic. ClickFix is the most successful example of the pattern, not the only one.

The shift this represents

For most of the last two decades, defenders have made it steadily harder to break into systems. Patching improved. Exploit mitigations got better. Email filtering matured. The result is that buying or developing a working software exploit is expensive and unreliable, while convincing a person to paste a command costs almost nothing and works often enough to be worth it at scale.

Generative AI has tilted this further. The lure pages, the instructional videos, and the supporting text can now be produced quickly, in any language, tuned to whatever brand or context the attacker wants to imitate. Security researchers have already documented ClickFix campaigns that use short videos to walk victims through the steps, and campaigns that target specific groups such as content creators with offers of verified badges. The economics now favour deception over exploitation, and attackers have noticed.

What detection looks like when the file is not the signal

If the file is no longer the reliable signal, detection has to move to behaviour. The good news for security teams is that ClickFix leaves a fairly distinctive trail, even though it avoids the usual tripwires.

The most reliable signal is the process lineage. A browser spawning a command interpreter is unusual in most environments. When that command interpreter is PowerShell, launched with encoded or obfuscated arguments, shortly after a user interacted with a web page, that sequence is worth a high-confidence alert. The same goes for the Run dialog being used to launch a script, which is rare for ordinary users and common in these attacks.

Other useful signals include command lines that reference clipboard contents, PowerShell reaching out to a freshly registered domain, and unusual use of living-off-the-land binaries that proxy execution through trusted Microsoft components. None of these are conclusive on their own, but together they describe a behaviour that legitimate users almost never produce.

For teams running a SIEM, the practical work is to build and tune detections around this behaviour rather than around file hashes. In platforms like IBM QRadar, that means correlation rules that tie a browser parent process to a script interpreter child process, enriched with reputation context on any domain the command contacts. The detection logic should be specific enough to avoid drowning analysts in noise from legitimate administrative scripting, which is exactly the kind of tuning discipline that separates a useful rule from one that gets ignored.

Why awareness training is necessary but not enough

The obvious response to a social engineering attack is to train people to recognise it. That training matters, and the specific message is simple enough to land: no legitimate website will ever ask you to open a terminal, paste a command, and run it. If a verification step asks you to do that, it is an attack. That single rule, understood widely, would stop most ClickFix attempts.

But training alone is a fragile defence. People are busy, distracted, and conditioned to complete verification steps quickly. The same employee who would pass a phishing quiz on a calm Tuesday afternoon will paste the command when they are rushing to book a venue before a meeting. Defences that depend on every person being alert every time will eventually fail, because that is not how attention works.

The stronger position is to reduce what a successful lure can achieve. Restricting who can launch script interpreters, controlling access to the Run dialog through policy, and making sure session tokens are short-lived all limit the blast radius when someone does fall for it. Phishing-resistant authentication such as passkeys and hardware security keys is particularly valuable here, because even when an information stealer grabs a session token, cryptographically bound credentials are far harder to replay.

Where this leaves defenders

ClickFix works because it turns the person into the delivery mechanism, and our industry spent twenty years building defences aimed at everything except that. The technique is cheap, adaptable, and effective, which means it is not going away. If anything, the variants emerging through 2026 suggest it is still being actively developed.

The realistic path forward is not a single product or a single training session. It is layered. Teach the one rule that matters, so people have a chance to stop the attack themselves. Build behavioural detections that catch the attack when training fails, focused on process lineage rather than files. Reduce privileges and shorten token lifetimes so that a successful lure yields as little as possible. And tune those detections continuously, because the surface details of the lure will keep changing while the underlying behaviour stays the same.

The attackers have understood something important about modern security. The hardest layer to patch is the human one, and the most trusted moments are the routine ones. Defenders who internalise the same insight, and design for the moment a careful person makes a careless click, are the ones who will stay ahead. The decoy here is not a fake server. It is a fake sense of safety, and the work of defence is to make that fake safety expensive for the attacker to manufacture.


Originally written by Ronnie Philip Mathew. Views are my own.

Tags: security, cybersecurity, infosec, threatdetection, soc