ClickFix Attack Uses DNS Hijacking to Spread New Malware
After initial infection, the ClickFix attack deploys a malicious Python script that performs host and domain reconnaissance, gathering details about the target environment.
To maintain access to the compromised system, the malware establishes persistence by dropping a VBScript file and creating a shortcut named MonitoringService.lnk in the Windows Startup folder.
The final payload delivered in this campaign is a Remote Access Trojan (RAT) identified as ModeloRAT. Microsoft Defender Antivirus detects and blocks this activity under the threat signature Trojan:Win32/ClickFix.R!ml.
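The Startup-folder persistence described above can be checked for on a Windows host with the following triage script. It is an added example, not code from the article or from Microsoft. Only the shortcut name `MonitoringService.lnk` comes from the article; the script-host list, the default `Users` profile location and the output fields are assumptions of this example.

```powershell
# Added example: hunt for the Startup-folder shortcut persistence described above.
# Only the name MonitoringService.lnk comes from the article; everything else
# (script-host list, profile root, output fields) is an assumption of this example.

$shortcutName = 'MonitoringService.lnk'
$scriptHosts  = 'wscript.exe', 'cscript.exe'   # assumption: the VBScript is run by a script host

# All-users Startup folder plus each local profile's Startup folder
# (assumes profiles live under the default <SystemDrive>\Users).
$startupDirs  = @(Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
$startupDirs += Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }

# WScript.Shell resolves a .lnk file to its target path and arguments.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -File -Force -ErrorAction SilentlyContinue) {
        $sc        = $shell.CreateShortcut($lnk.FullName)
        $target    = $sc.TargetPath
        $arguments = $sc.Arguments
        $leaf      = if ($target) { Split-Path -Path $target -Leaf } else { '' }

        # Flag the exact name from the report, and any shortcut that launches VBScript.
        $nameMatch = $lnk.Name -eq $shortcutName
        $runsVbs   = ($scriptHosts -contains $leaf) -or ("$target $arguments" -match '\.vb[se]\b')

        if ($nameMatch -or $runsVbs) {
            [pscustomobject]@{
                Shortcut  = $lnk.FullName
                Created   = $lnk.CreationTime
                Target    = $target
                Arguments = $arguments
                NameMatch = $nameMatch
                RunsVbs   = $runsVbs
            }
        }
    }
}

if ($findings) { $findings | Format-List }
else { Write-Output 'No matching Startup shortcuts found.' }
```

Run it from an elevated session so other users' profile folders are readable. A shortcut flagged only by `RunsVbs` may be legitimate and needs review of the script it points to.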
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


