TRENDING TOPICS NOV 13, 2025

Update: ClickFix Campaign Uses Fake Verification Prompts to Deliver Cross-Platform Infostealers

Intel 471 security researchers have uncovered a sophisticated, large-scale malware campaign known as ClickFix that targets both Windows and macOS systems through deceptive search-engine results for pirated software. Instead of legitimate downloads, users encounter malicious pages hosted on Google services—including Drive, Sites, and Colab—that appear trustworthy and therefore evade most web filters. These pages display fake Cloudflare verification prompts that instruct users to paste what seems to be a harmless command into their terminal, which instead executes a Base64-encoded payload directly in memory. This fileless technique avoids creating detectable files on disk, effectively bypassing antivirus and traditional endpoint protection. Once the command executes, Windows victims receive the ACR infostealer, which harvests credentials, cookies, and browser data while also deploying secondary payloads such as SharkClipper, which swaps cryptocurrency wallet addresses. macOS victims are infected with Odyssey, a highly capable stealer that collects passwords, Apple Keychain data, browser cookies, and documents, while maintaining persistence and operating invisibly within system processes. The campaign’s scale is reflected in a reported 700 percent spike in ACR stealer logs on underground forums in May 2025, corresponding to over 133,000 newly compromised user profiles in a single month. The effectiveness of ClickFix stems from its use of trusted cloud infrastructure, realistic social engineering, and advanced evasion tactics that allow attackers to bypass email security, endpoint filters, and web proxy defenses. By embedding the attack chain within legitimate Google services and executing commands entirely in memory, the operators have built a near-undetectable delivery system that capitalizes on user behavior rather than exploiting software flaws.
Microsoft’s 2025 Digital Defense Report attributes nearly half of all observed initial access incidents to ClickFix, underscoring its rise as a dominant infection vector. Once compromised, systems can be repurposed for credential theft, financial fraud, or the distribution of additional malware, posing serious risks to both individuals and enterprises. Security professionals urge users never to execute unverified terminal commands, regardless of how authentic a page may appear, and recommend that organizations deploy advanced endpoint detection and response systems with behavioral monitoring to identify memory-based and fileless threats before they spread further.

Attackers Weaponize Legitimate RMM Tools to Deploy PatoRAT Backdoor

Researchers at AhnLab Security Intelligence Center (ASEC) have identified an advanced attack campaign that weaponizes legitimate Remote Monitoring and Management (RMM) software, including LogMeIn Resolve (GoTo Resolve) and PDQ Connect, to deploy stealthy backdoors and steal data. The operation begins through deceptive download portals imitating official websites for trusted applications such as Notepad++, WinRAR, 7-Zip, VLC Media Player, and even ChatGPT. These fake pages deliver installers that appear authentic but secretly bundle modified RMM tools alongside hidden malware components. Once executed, victims unknowingly install both the legitimate RMM agent and malicious scripts that give attackers remote access. By exploiting LogMeIn Resolve's built-in administrative functions, threat actors can execute PowerShell commands, deploy payloads, and maintain persistence via trusted infrastructure unlikely to trigger antivirus or firewall alerts. ASEC identified three unique CompanyId values embedded in LogMeIn Resolve configurations linking these installations to coordinated campaigns targeting Korean users. The attackers further expanded their toolkit by abusing PDQ Connect to distribute and execute PatoRAT, a powerful Delphi-based backdoor capable of full system surveillance and control. Once active, PatoRAT collects detailed system data, including CPU information, OS version, privileges, and display configurations, before communicating with its command-and-control servers. It supports keylogging, screen capture, credential theft from browsers, and remote desktop control via hidden VNC, in addition to installing secondary tools for port forwarding and maintaining persistence via plugins. Researchers also noted Portuguese-language elements in its code, suggesting a potential Brazilian link to the campaign. 
The use of trusted administrative platforms to deliver malware highlights a growing threat trend in which legitimate IT tools are repurposed for intrusion and data theft. To reduce exposure, users should install software only from verified vendor sources and validate digital signatures, and organizations should closely monitor for unapproved RMM installations, track the identified CompanyIds, and deploy network-level monitoring to detect unusual remote access activity or indicators linked to PatoRAT.

MastaStealer Campaign Uses LNK Shortcuts and MSI Installers to Evade Detection

Security researchers have uncovered a sophisticated spear-phishing campaign distributing MastaStealer, a stealthy command-and-control (C2) malware that exploits Windows LNK shortcut files to gain initial access and disable endpoint protections. The attack begins with a ZIP archive containing a single LNK file that, when executed, launches Microsoft Edge and opens the legitimate AnyDesk website to distract the user. In the background, the shortcut silently retrieves an MSI installer from a typosquatted domain, anydesk[.]net, mimicking the real AnyDesk site. If installation succeeds, the MSI extracts its payload to a hidden directory under %LOCALAPPDATA%\Microsoft\Windows, dropping an executable named dwm[.]exe that functions as the active C2 beacon. This beacon provides attackers with persistent remote access, command execution, and system-level control. During installation, the MSI executes a PowerShell command that adds the malware’s directory to Windows Defender’s exclusion list, effectively disabling real-time protection for the payload and ensuring long-term stealth. Researchers first detected the campaign through failed installation logs on systems without admin privileges, which generated Event ID 11708, triggering automated incident response actions. This attack demonstrates a multi-layered evasion chain that combines trusted file formats, domain impersonation, and security tool manipulation to bypass enterprise defenses. The C2 servers used in the operation employ randomized naming schemes to avoid detection through reputation-based or DNS filters. The campaign’s strength lies in its precision: if a user lacks administrative permissions, the attack fails safely, but with elevated rights, it proceeds undetected and disables built-in defenses. MastaStealer’s modular design and abuse of legitimate Windows features underline the continued effectiveness of social engineering and system-native tools in targeted attacks. 
Organizations are advised to monitor for LNK file executions, unsigned MSI installations, and PowerShell commands modifying Defender exclusions, while correlating Windows Installer event logs to identify failed or suspicious deployments early, before threat actors adapt and succeed.
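The following is an added example, not code from the original research, showing how the three MastaStealer indicators above can be triaged from Windows event records. The events are constructed samples in the shape (event_id, provider, message), and the "Cache" subfolder is an assumed name for the hidden payload directory.

```python
"""Triage Windows event records for the MastaStealer indicators named above.
Added example with constructed events; 'Cache' is an assumed subfolder name."""
import re

SAMPLE_EVENTS = [
    # PowerShell Script Block Logging (4104): exclusion added for the payload directory
    (4104, "Microsoft-Windows-PowerShell",
     r"Add-MpPreference -ExclusionPath 'C:\Users\alice\AppData\Local\Microsoft\Windows\Cache'"),
    # Windows Installer (11708): install failed, e.g. on a non-admin account
    (11708, "MsiInstaller", "Product: Remote Support Client -- Installation failed."),
    # Process creation (4688): dwm.exe launched from a user-writable directory
    (4688, "Microsoft-Windows-Security-Auditing",
     r"New Process Name: C:\Users\alice\AppData\Local\Microsoft\Windows\Cache\dwm.exe"),
    # Benign: the real Desktop Window Manager lives in System32
    (4688, "Microsoft-Windows-Security-Auditing",
     r"New Process Name: C:\Windows\System32\dwm.exe"),
    # Benign: reading Defender preferences is not an exclusion change
    (4104, "Microsoft-Windows-PowerShell", "Get-MpPreference | Select ExclusionPath"),
]

# Any cmdlet that adds or replaces a Defender exclusion list
EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Process|Extension)", re.I)
# dwm.exe anywhere under a user's AppData\Local tree
USER_DWM_RE = re.compile(r"\\AppData\\Local\\.*\\dwm\.exe$", re.I)


def classify(event):
    """Return a detection tag for one event, or None if it is not of interest."""
    event_id, provider, message = event
    if event_id == 4104 and EXCLUSION_RE.search(message):
        return "defender_exclusion_modified"
    if event_id == 11708 and provider == "MsiInstaller":
        return "msi_install_failed"
    if event_id == 4688 and USER_DWM_RE.search(message):
        return "dwm_outside_system32"
    return None


def triage(events):
    """Return [(event_id, tag)] for every event that matches a detection."""
    hits = []
    for event in events:
        tag = classify(event)
        if tag:
            hits.append((event[0], tag))
    return hits
```

Correlating a 4104 exclusion change with a 4688 launch from the same directory, as in the first and third sample events, is the high-confidence pairing; an 11708 on a non-admin host is the early warning the researchers describe.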

Elastic Patches Kibana Origin Validation Flaw Allowing SSRF Exploitation

Elastic has issued a detailed advisory warning of a medium-severity vulnerability in Kibana, tracked as CVE-2025-37734, that exposes systems to potential Server-Side Request Forgery (SSRF) attacks. The flaw stems from an origin validation error in Kibana’s Observability AI Assistant component, which fails to verify incoming Origin HTTP headers properly. By manipulating these headers, attackers can trick the application into making unauthorized server-side requests, thereby gaining indirect access to internal systems and resources that should not be accessible externally. This exploitation vector could allow threat actors to gather sensitive data, pivot deeper into network environments, or exfiltrate information by leveraging the server as a proxy. The vulnerability impacts multiple versions of Kibana—specifically 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, and 9.2.0—representing a broad exposure window for unpatched deployments using the Observability AI Assistant feature. Elastic assigned the flaw a low CVSS score but noted that it requires minimal privileges and no user interaction, meaning even low-level network access could be sufficient for exploitation. Elastic has released fixes in versions 8.19.7, 9.1.7, and 9.2.1, and confirmed that its Elastic Cloud Serverless customers were not affected since the issue was patched through continuous deployment before disclosure. Security teams are strongly advised to upgrade to the fixed versions as soon as possible to close the attack surface. For environments unable to patch immediately, temporarily disabling the Observability AI Assistant can serve as an effective interim mitigation. Administrators should also review recent access logs for signs of tampered Origin headers or suspicious server-side requests that could indicate exploitation attempts. 
Continuous monitoring of network behavior, along with prompt application of the provided updates, remains critical to preventing unauthorized access and minimizing potential damage from SSRF-based intrusions targeting Kibana environments.
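As an added illustration of the bug class behind CVE-2025-37734 (a forged Origin header accepted as trusted), the snippet below places a weak prefix-based Origin check beside a strict parsed comparison and applies both to access-log lines. This is not Kibana's code; the allowlist, endpoint path and log lines are constructed.

```python
"""Origin-header validation: weak prefix match beside strict parsed comparison.
Added illustration, not Kibana's code; allowlist, path and log lines are constructed."""
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://kibana.example.test", "https://kibana.example.test:5601"}


def origin_allowed_weak(origin):
    """Prefix match: wrongly accepts 'https://kibana.example.test.attacker.test'."""
    return any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS)


def origin_allowed_strict(origin):
    """Parse the header and compare scheme://host[:port] exactly."""
    try:
        parts = urlsplit(origin)
        port = f":{parts.port}" if parts.port else ""
    except ValueError:
        return False  # non-numeric port or otherwise unparseable value
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False  # covers 'null', empty and garbage values
    if parts.path or parts.query or parts.fragment or parts.username:
        return False  # a real Origin carries no path, query or userinfo
    # hostname is already lowercased by urlsplit, so case tricks do not help
    return f"{parts.scheme}://{parts.hostname}{port}" in ALLOWED_ORIGINS


SAMPLE_LOG = [  # constructed access-log lines: method, path, Origin header
    'POST /api/example origin="https://kibana.example.test"',
    'POST /api/example origin="https://kibana.example.test.attacker.test"',
    'POST /api/example origin="https://kibana.example.test@attacker.test"',
    'POST /api/example origin="https://kibana.example.test/../"',
    'POST /api/example origin="https://KIBANA.example.test:5601"',
]


def suspicious_origins(lines):
    """Origins the weak check would pass but the strict check rejects."""
    flagged = []
    for line in lines:
        origin = line.split('origin="', 1)[1].rstrip('"')
        if origin_allowed_weak(origin) and not origin_allowed_strict(origin):
            flagged.append(origin)
    return flagged
```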

CVE Security Vulnerability Dashboard

CVE-2025-37734 | Medium | Elastic Kibana | SSRF vulnerability
Origin Validation Error in Kibana can lead to Server-Side Request Forgery (SSRF) via a forged Origin HTTP header processed by the Observability AI Assistant. This vulnerability allows attackers to make unauthorized requests from the Kibana server to internal or external resources.

Affected Versions

• Versions 8.12.0 through 8.19.6
• Versions 9.1.0 through 9.1.6
• Version 9.2.0

Solutions and Mitigations

Users should upgrade to patched versions immediately:

• Version 8.19.7
• Version 9.1.7
• Version 9.2.1

GitLab Patches Nine Vulnerabilities Including Prompt Injection Flaw in GitLab Duo

GitLab has released an advisory addressing nine security vulnerabilities across the Community Edition (CE) and Enterprise Edition (EE), including a newly discovered prompt-injection flaw in GitLab Duo that risks exposing confidential data. The most notable issue, CVE-2025-6945, allows authenticated users to exfiltrate sensitive information by embedding hidden prompts in merge request comments, causing GitLab Duo’s AI review feature to disclose restricted content unintentionally. The vulnerability highlights the growing risks of AI-assisted workflows when prompt input validation is insufficient. Other key fixes include a high-severity cross-site scripting flaw (CVE-2025-11224) in the Kubernetes proxy that enables stored XSS attacks due to improper input sanitization, and two medium-severity information disclosure issues (CVE-2025-2615, CVE-2025-7000) that could expose private project data through GraphQL subscriptions and access control weaknesses. A medium authorization flaw in workflows (CVE-2025-11865) allows unauthorized deletion of Duo workflows, underscoring gaps in permission enforcement for enterprise users. The remaining vulnerabilities—ranging from path traversal and improper access control to denial-of-service in Markdown rendering—further demonstrate systemic risks from insufficient input validation and access restrictions. The affected versions span GitLab CE and EE releases from 13.2 up to 18.5, depending on the vulnerability, with patched versions available in 18.5.2, 18.4.4, and 18.3.6. GitLab and Dedicated customers have already received automatic updates, while self-managed deployments must upgrade immediately to mitigate exposure. The company credited several findings to security researchers participating in its HackerOne bug bounty program, reflecting strong collaboration between the vendor and the external security community. 
In addition to patching the nine vulnerabilities, GitLab updated the bundled libxslt library to version 1.1.43 to address separate CVEs (CVE-2024-55549 and CVE-2025-24855). Security teams should prioritize upgrading, reviewing access logs for unusual Duo review activity or GraphQL queries, and enforcing strict role-based permissions. Maintaining up-to-date patch levels and continuous monitoring for abnormal access patterns remains critical to preventing prompt injection, data theft, and other abuse of GitLab’s collaborative development features.

GitLab CVE Security Dashboard

GitLab Security Advisory

Multiple Vulnerabilities - Patched Versions: 18.3.6, 18.4.4, 18.5.2

CVE-2025-11224 | High | GitLab CE/EE | Cross-site scripting
Cross-site scripting issue in k8s proxy impacts GitLab CE/EE.
Affected: All versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-11865 | Medium | GitLab EE | Incorrect authorization
Incorrect authorization in workflows component.
Affected: All versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-2615 | Medium | GitLab CE/EE | Information disclosure
Information disclosure in GraphQL subscriptions.
Affected: All versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-7000 | Medium | GitLab CE/EE | Information disclosure
Information disclosure in access control component.
Affected: All versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-6945 | Low | GitLab EE | Prompt injection
Prompt injection in GitLab Duo review functionality.
Affected: All versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-6171 | Low | GitLab CE/EE | Information disclosure
Information disclosure in packages API.
Affected: All versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-11990 | Low | GitLab EE | Path traversal
Client-side path traversal in branch names.
Affected: All versions from 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-7736 | Low | GitLab CE/EE | Improper access control
Improper access control in GitLab Pages.
Affected: All versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

CVE-2025-12983 | Low | GitLab CE/EE | Denial of service
Denial of service vulnerability in markdown processing.
Affected: All versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2

Summary: 9 CVEs in total (1 high, 3 medium, 5 low severity), fixed across 3 patched versions (18.3.6, 18.4.4, 18.5.2).
Hunter Strategy encourages our readers to look for updates in our daily Trending Topics and on Twitter.