ClickFix has quickly become one of the most prevalent social engineering techniques on the web. The attack flips a familiar security assumption on its head: instead of slipping a malicious file past endpoint defenses, the attacker convinces the victim to run the payload themselves. No exploit. No malicious attachment. Just a user, a clipboard, and a convincing prompt. To address this growing threat, the ThreatCloud AI team built a new detection engine, now integrated into Check Point’s Gateways (Zero-Phishing Blade), Email Security and Browse Security. The ClickFix Threat ClickFix attacks open with a familiar-looking prompt, a fake CAPTCHA, a Cloudflare […]
The post ClickFix: The Attack That Turns Users Into Their Own Attackers appeared first on Check Point Blog.
Read the original article: