ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims

This Group-IB report analyzes the ClickFix (aka ClearFix) social-engineering technique—fake CAPTCHAs and “Fix” prompts that auto-copy malicious PowerShell to the clipboard and trick users into pasting it into the Windows Run dialog—detailing an August 2024 incident where a SMOKESABER downloader fetched bravo.zip containing the LummaC2 infostealer, providing indicators, delivery methods (malvertising, phishing, social spam), observed APT usage, detection/hunting guidance, and mitigation recommendations.