DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion
ID: b91378cd-2ffc-546c-b2de-ad0b5b90cbe7
STIX ID: report--b91378cd-2ffc-546c-b2de-ad0b5b90cbe7
Feed Name: ReliaQuest Blog
ReliaQuest reports on the "DeepLoad" fileless malware campaign, delivered through "ClickFix" social engineering, which rapidly establishes persistent, credential-stealing access by combining AI-like obfuscation, in-memory APC injection into LockAppHost.exe, a separate credential stealer (filemanager.exe) paired with a browser extension, USB propagation, and WMI subscription-based reinfection. The report emphasizes runtime behavioral detection (PowerShell Script Block Logging, EDR telemetry), explicit auditing of WMI event subscriptions, and rotation of exposed credentials, and it provides IOCs and detection recommendations.
