Today we are joined by <a href="https://www.linkedin.com/in/ben-f-309963233/">Ben Folland</a>, Security Operations Analyst from <a href="https://www.linkedin.com/company/huntress-labs/">Huntress</a>, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. 
The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution.
The research can be found here:
<ul>
 <li><a href="https://www.huntress.com/blog/clickfix-malware-buried-in-images">ClickFix Gets Creative: Malware Buried in Images</a></li>
</ul> Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a>

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.