Infosecurity Magazine reports that intrusions involving the ClickFix social engineering technique rose by 517% during the first half of 2025, with such tactics leveraged in almost 8% of all blocked attacks over the same period.
Highly effective attacks with ClickFix which uses bogus verification or error messages to lure victims into executing malicious scripts have since led to the increasing prevalence of builders providing weaponized landing pages for other threat actors, according to an analysis from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors," said ESET Director of Threat Prevention Ji Krop. Additional findings revealed that SnakeStealer has become the most dominant information-stealing malware during the first six months of the year, after being observed in 20% of all infections during the same period, while Agent Tesla detections dropped by 57% amid operators' lack of access to servers with its source code.
Highly effective attacks with ClickFix which uses bogus verification or error messages to lure victims into executing malicious scripts have since led to the increasing prevalence of builders providing weaponized landing pages for other threat actors, according to an analysis from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors," said ESET Director of Threat Prevention Ji Krop. Additional findings revealed that SnakeStealer has become the most dominant information-stealing malware during the first six months of the year, after being observed in 20% of all infections during the same period, while Agent Tesla detections dropped by 57% amid operators' lack of access to servers with its source code.
