Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.
Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results