Friday, April 25, 2025
Follow us On Linkedin
Homecyber securityClickFix Captcha - A New Technique Hackers Used to Deliver Infostealers, Ransomware,...

ClickFix Captcha – A New Technique Hackers Used to Deliver Infostealers, Ransomware, & Quakbot Malware

cyber securityCyber Security NewsMalwareRansomware

Published on

By Aman Mishra
ClickFix Captcha

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Cybercriminals are leveraging fake CAPTCHA verification pages dubbed ClickFix to distribute malware, including infostealers, ransomware, and the notorious Qakbot banking trojan.

This technique manipulates users into executing malicious commands disguised as routine “verify you are human” prompts.

The attack begins with a phishing page redirecting victims to a fake CAPTCHA site (e.g., cfcaptcha[.]com), where they are instructed to press Windows Key + R, paste a clipboard-injected command via CTRL + V, and execute it with Enter.

- Advertisement - Google News

This triggers a PowerShell script that downloads and runs malware payloads, such as Qakbot, from attacker-controlled domains like duolingos[.]com.

Quakbot Malware
PowerShell command

Obfuscation and Evasion Techniques

The malware employs layered obfuscation, including XOR-encrypted hex strings and dynamic URL generation, to evade detection.

For instance, the downloaded ZIP file (flswunwa.zip) from duolingos[.]com was hosted behind Cloudflare, returning 404 errors to frustrate analysis.

Further investigation revealed a PHP-based dropper acting as a proxy to fetch payloads from secondary servers, masking the true attack infrastructure.

According to the Report, despite partial takedowns of related domains, the technique’s reliance on social engineering ensures continued effectiveness.

Quakbot Malware
 ClickFix captcha at cfcaptcha[.]com

MITRE ATT&CK Alignment and Defense Recommendations

ClickFix aligns with multiple MITRE ATT&CK tactics, including Initial Access (Phishing), Execution (PowerShell), and Defense Evasion (Obfuscation).

To mitigate risks, organizations should:

  • Train users to recognize suspicious verification prompts.
  • Block known malicious domains (e.g., cfcaptcha[.]com).
  • Deploy endpoint protection capable of detecting anomalous PowerShell activity.

The resurgence of Qakbot and the adaptability of ClickFix underscore the need for proactive defenses against evolving social engineering threats.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

cyber security

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...
Cyber Attack

“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power...
cyber security

Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users

Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing,"...
Cyber Attack

Russian Hackers Attempt to Sabotage Digital Control Systems of Dutch Public Service

The Dutch Defense Ministry has revealed that critical infrastructure, democratic processes, and North Sea...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...
Cyber Attack

“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power...
cyber security

Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users

Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing,"...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved