ClickFix Deception: A Social Engineering Tactic to Deploy Malware
ID: 2191bd02-44af-56d4-af17-2b6f182c73c9
STIX ID: report--2191bd02-44af-56d4-af17-2b6f182c73c9
Feed Name: McAfee Labs Blog
McAfee Labs describes a ‘Clickfix’ social-engineering campaign where compromised websites show faux error prompts that copy base64-encoded PowerShell commands to the clipboard; users are tricked into pasting and running them, which downloads HTA/AutoIt stages and deploys payloads such as DarkGate (backdoor) and Lumma Stealer (infostealer). The report includes technical analysis of the HTML/JS/PowerShell/HTA chain, process/network behaviors, hashes and URLs as IoCs, and recommended mitigations (user training, EDR/AV, web/email filtering, least privilege, MFA, patching, backups).
