top of page
perceptive_background_267k.jpg

I am not a robot: ClickFix used to deploy StealC and Qilin

Published:

18 december 2025 om 19:15:41

Alert date:

18 december 2025 om 20:01:18

Source:

news.sophos.com

Click to open the original link from this advisory

A cybercriminal campaign uses fake human verification processes (ClickFix) to trick users into installing malware. The campaign deploys StealC infostealer and Qilin ransomware on victim systems. The attack leverages social engineering by mimicking legitimate CAPTCHA verification prompts. Users are deceived into running malicious code thinking they are completing a security verification. This represents an active threat combining information theft and ransomware deployment.

Technical details

Mitigation steps:

Affected products:

Related links:

https://news.sophos.com/en-us/2025/12/18/i-am-not-a-robot-clickfix-used-to-deploy-stealc-and-qilin/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page