Proactive ClickFix Threat Hunting with Hunt.io
ID: 901925dd-9517-54a4-bed7-89992d61f06d
STIX ID: report--901925dd-9517-54a4-bed7-89992d61f06d
Feed Name: Hunt.io Blog
This report describes the emergence and observed usage of "ClickFix," a browser-based social-engineering technique that hijacks the clipboard and tricks users into pasting and executing malicious commands (via mshta.exe, PowerShell, or JavaScript) under the guise of CAPTCHA or security prompts. Researchers identified multiple active domains, payload delivery chains (including Lumma and CryptBot), credential-phishing variants targeting Zoho, and fileless PowerShell staging, and provided domain/IP/ASN and file-hash IOCs to help defenders hunt and block activity.
