Microsoft Unveils ClickFix Campaign Exploiting Windows Terminal for Lumma Stealer Malware

Microsoft disclosed a new ClickFix social engineering campaign in February 2026 that exploits the Windows Terminal app to execute an attack chain deploying the Lumma Stealer malware. The campaign replaces traditional methods, such as instructing users to launch the Windows Run dialog, by leveraging the terminal emulator program to initiate the infection. No specific victim count, geographic targets, or CVE IDs were mentioned in the report. The attack was observed as widespread, though no further technical details about the malware’s propagation or persistence mechanisms were provided. The primary impact involves unauthorized deployment of Lumma Stealer, a malware designed for data theft.