Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign
ID: 715b3290-5834-5425-accf-1aaf8c4e0ca1
STIX ID: report--715b3290-5834-5425-accf-1aaf8c4e0ca1
Feed Name: Seqrite Blog
**Executive Summary:** This report analyzes HijackLoader, a Malware-as-a-Service loader observed since late 2023. It uses CAPTCHA-based phishing pages, fake installers and malvertising to deliver a multi-stage PowerShell loader, which employs heavy obfuscation, anti-VM/sandbox checks, process doppelgänging and direct WOW64 syscalls to unpack a protected .NET PE and load DLLs that fetch infostealer/RAT payloads. The report includes network and file IOCs, detection names, and MITRE ATT&CK mappings to aid detection and response.
