Find notable cyber news and cases, enriched with sources, timelines, and signals.

JackFix ClickFix fake-adult-site phishing campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

The JackFix campaign is using fake adult websites and ClickFix lures to trick users into running malicious commands, enabling an infection chain that can drop stealers and RATs. The operation disguises itself as a critical Windows security update and uses malvertising and other social-engineering routes to reach victims. Once users comply, the chain can launch mshta.exe and PowerShell stages that fetch additional payloads and evade analysis.

Related Happenings

AI-generated PowerShell Active Directory reconnaissance script

Malware Activity
H score23 First: 09.07.2026 17:00 Last: 09.07.2026 17:00 Sources 1

About this happening: An **AI-generated PowerShell script** was used in a real **Windows intrusion**, showing how one-off malware can automate **Active Directory reconnaissance** and evade signature-ba...

Backdoor.Turn Microsoft Teams TURN relay malware activity

Malware Activity
H score29 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: **Backdoor.Turn** is a **Go-based RAT** tied to **DragonForce ransomware** operators that hid command-and-control traffic through **Microsoft Teams TURN relay infrastructure** dur...

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
H score38 First: 08.05.2026 14:00 Last: 08.05.2026 14:00 Sources 1

About this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...

Venom Stealer MaaS continuous credential theft and exfiltration

Malware Activity
H score29 First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
H score34 First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

Timeline

  1. 25.11.2025 16:18 2 articles · 7mo ago

    JackFix ClickFix fake adult site campaign disclosed

    Initial Disclosure

    Cybersecurity researchers identified JackFix as a ClickFix campaign that uses fake adult websites and phony Windows Update full-screen lures to trick users into running mshta.exe commands that fetch PowerShell payloads. The chain uses obfuscation and anti-analysis measures, can elevate privileges with Start-Process and "-Verb RunAs", creates Microsoft Defender Antivirus exclusions, and can deliver loaders and RATs including Rhadamanthys Stealer, Vidar Stealer 2.0, RedLine Stealer, Amadey, and other payloads. A related Huntress-described chain also uses a ClickFix lure masquerading as Windows Update and steganography to hide shellcode in an embedded PNG, enabling Lumma or Rhadamanthys delivery.

    Show sources