
New ClickFix Variant Uses Fake CAPTCHA to Deceive Users and Evade Security
📌 A new variant of the ClickFix attack leverages fake CAPTCHA prompts to deceive users into executing malicious commands on Windows systems. The attack abuses native Windows tools, including cmdkey and regsvr32, to establish persistence and evade detection by security software. By exploiting legitimate system utilities, the malware reduces the likelihood of being flagged as suspicious. No specific dates, CVE IDs, or affected software versions were disclosed in the report. The primary impact involves unauthorized access and potential data exfiltration due to the stealthy execution of malicious payloads.
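
For defenders, the following added example (not from the report) correlates process-creation events to flag cmdkey and regsvr32 both being started from a command shell by the same user on the same host within a short window. The event field names, the list of shell parents and the five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumptions (not from the report): which parents count as a shell, and the window.
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
PAIR = ("cmdkey.exe", "regsvr32.exe")
WINDOW = timedelta(minutes=5)

def exe_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()

def correlate(events):
    """Alert when one user on one host starts both tools from a shell within WINDOW."""
    last_seen = {}  # (host, user, tool) -> time of the latest shell-launched start
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        tool = exe_name(ev["image"])
        if tool not in PAIR or exe_name(ev["parent"]) not in SHELL_PARENTS:
            continue  # e.g. regsvr32 started by an installer is out of scope here
        other = PAIR[1] if tool == PAIR[0] else PAIR[0]
        prev = last_seen.get((ev["host"], ev["user"], other))
        if prev is not None and ev["time"] - prev <= WINDOW:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "first": other, "second": tool, "gap": ev["time"] - prev})
        last_seen[(ev["host"], ev["user"], tool)] = ev["time"]
    return alerts

def _ev(ts, host, user, parent, image):
    """Build one constructed event; the field names are hypothetical."""
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
            "parent": parent, "image": image}

S32 = "C:\\Windows\\System32\\"
PS = S32 + "WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed process-creation events (shape loosely follows Sysmon Event ID 1).
SAMPLE_EVENTS = [
    _ev("2025-01-01T10:00:00", "WS01", "alice", "C:\\Windows\\explorer.exe", PS),
    _ev("2025-01-01T10:00:05", "WS01", "alice", PS, S32 + "cmdkey.exe"),
    _ev("2025-01-01T10:00:09", "WS01", "alice", PS, S32 + "regsvr32.exe"),
    _ev("2025-01-01T10:20:00", "WS02", "bob", S32 + "msiexec.exe", S32 + "regsvr32.exe"),
    _ev("2025-01-01T09:00:00", "WS03", "carol", S32 + "cmd.exe", S32 + "cmdkey.exe"),
    _ev("2025-01-01T11:30:00", "WS03", "carol", S32 + "cmd.exe", S32 + "regsvr32.exe"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Only the WS01 sequence alerts: the installer-launched regsvr32 on WS02 and the two starts on WS03 that are hours apart are ignored.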