Microsoft Discloses New Variant of ClickFix Social Engineering Attack

Microsoft has revealed a new variant of the ClickFix social engineering attack, which exploits DNS queries via the nslookup command to deploy malicious payloads. Attackers trick users into executing commands that trigger a custom DNS search on Windows, allowing the download of a second-stage payload. No specific date or detailed impact has been mentioned. The technique relies on using nslookup to bypass traditional detection mechanisms. Source: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html