Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
Released on 2024-11-18 at 02:21:41 PM
The ClickFix social engineering technique, which tricks users into copying and running malicious PowerShell commands, has become increasingly prevalent across the threat landscape. Initially observed in campaigns by TA571 and ClearFake, it is now used by multiple threat actors to deliver various malware types. The technique often employs fake error messages or CAPTCHA checks to deceive users. Recent examples include GitHub notification impersonations delivering Lumma Stealer, Swiss-targeted campaigns distributing AsyncRAT, fake software updates deploying NetSupport RAT, and ChatGPT-themed malvertising delivering XWorm. The technique's popularity stems from its effectiveness in bypassing security measures by exploiting users' desire to resolve issues independently.