ClickFix: The Attack Scanners Can’t See


    [Figure: computer screen showing a “Verify You Are Human” prompt, illustrating a ClickFix lure page that evades security scanners]

    Security teams have grown accustomed to a particular workflow: a customer reports something suspicious, an analyst runs the URL through scanning tools, and the results inform the response. The workflow assumes that if something malicious exists at a URL, automated tools can see it. ClickFix attacks are built specifically to break that assumption.

    The technique emerged in 2024 as a clever bit of social engineering: fake browser verification pages that trick users into pasting malicious commands. By mid-2025, it had evolved into something more significant. The attacks now incorporate layered evasion mechanisms that render them invisible to conventional scanning, and the emergence of point-and-click phishing kits has made the technique accessible to operators who couldn’t have built it themselves. What started as a social engineering trick has become an infrastructure problem, and the security industry’s detection models haven’t caught up.

    How ClickFix attacks evade detection

    Understanding why ClickFix defeats scanners requires looking at how the attacks are constructed. The social engineering component gets the attention (fake Cloudflare verification pages, clipboard hijacking, users instructed to paste commands into terminals), but the evasion architecture is what makes the technique dangerous at scale.

    The attacks use gated delivery, meaning the malicious content only renders for visitors arriving through specific channels. When traffic comes from a malvertising campaign or a compromised WordPress site with the expected referrer header, the fake verification page appears. When a security scanner visits the same URL directly, it sees a benign page or nothing at all. The attack doesn’t hide from scanners so much as it simply doesn’t exist for them. This is a fundamental architectural choice, not a bug to be patched around.

    The clipboard injection component compounds the detection problem. Traditional phishing pages host malicious files or redirect to payload servers, creating artifacts that monitoring tools can identify. ClickFix pages copy a command to the user’s clipboard and instruct them to execute it manually. There’s no file download to intercept, no suspicious redirect to flag. The user becomes the delivery mechanism, and browser security features like Google Safe Browsing have no event to trigger on.

    Recent campaigns have added cache smuggling to the evasion stack. The payload arrives disguised as a JPEG image and sits in the browser cache before the user ever interacts with the verification prompt. When they execute the clipboard command, it extracts and runs the cached payload without generating new network requests. Endpoint tools watching for suspicious downloads observe nothing because, from their perspective, nothing was downloaded. The malware was already on the system, waiting.

    The result is an attack that security teams struggle to verify even when customers report it. Analysts scan the reported URL and find nothing malicious. The attack only materializes when a human user follows the exact path the attacker designed: arriving through the right traffic source, with the right referrer, and actually clicking through the verification flow. Automated tools, by definition, cannot replicate this.

    The ClickFix phishing kit ecosystem

    The detection challenges would matter less if ClickFix remained a technique requiring custom development. It hasn’t. The IUAM ClickFix Generator, first documented by Unit 42 in October 2025, packages the entire attack into a web application. Operators select which brand to impersonate (Cloudflare, Fortinet, Google), customize the page text, configure OS detection to serve appropriate payloads for Windows or macOS, and generate deployment-ready pages. The kit handles clipboard injection, JavaScript obfuscation, and mobile blocking automatically.

    This follows the phishing-as-a-service pattern that has reshaped other attack categories. The economics are familiar from phishing kit ecosystems: when attack techniques become products, the population of potential operators expands dramatically. Campaigns traced to the IUAM generator have delivered infostealers including DeerStealer, Lumma Stealer, and the Odyssey malware-as-a-service offering, all designed for credential harvesting, browser data extraction, and cryptocurrency wallet theft.

    The operator behind Odyssey has reportedly supplied ClickFix-style lure pages to affiliates on request, suggesting the ecosystem has developed the same division of labor seen in mature fraud-as-a-service operations: kit developers, malware operators, and traffic providers working as distinct supply chain participants. Government agencies have taken notice. The U.S. Department of Health and Human Services issued a sector alert, Singapore’s Cyber Security Agency published mitigation guidance, and Microsoft documented multiple threat actors adopting the technique, including groups that previously relied on traditional email attachments.

    The attacks continue to evolve. Late 2025 variants replaced the fake CAPTCHA with a convincing Windows Update screen, complete with progress bars and “Working on updates” messaging. The social engineering adapts to whatever interface users have been conditioned to trust; the evasion architecture underneath remains constant.

    Key Takeaways

    ClickFix attacks combine gated delivery, clipboard injection, and cache smuggling to evade automated scanning by design, not by accident.
    The IUAM ClickFix Generator has commoditized the technique, enabling operators without development skills to deploy sophisticated social engineering at scale.
    Attacks impersonate security infrastructure like Cloudflare verification rather than brand websites directly, breaking traditional monitoring models.
    Detection requires replicating actual user journeys (ad clicks, referrer chains, browser fingerprints) rather than static URL scanning.
    Takedown response must address compromised sites, advertising platforms, and payload infrastructure simultaneously.
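The gated-delivery behaviour described above, and the takeaway that detection has to replay the real user journey, can be turned into a simple differential triage check. The following is an added example, not Allure Security's code: it fetches a reported URL once the way a scanner would (direct, no referrer) and once with the referrer and browser user agent from the customer's report, then flags the case where lure indicators appear only on the replayed visit. The fetcher interface, the indicator patterns and the simulated gated site are all constructed for illustration.

```python
"""Differential triage of a reported URL (added example, not the page's code).
A direct scan and a replay of the reported journey are compared; a lure that
renders only on the replay is the signature of gated delivery."""
import re
from dataclasses import dataclass
from typing import Callable, Dict

# Hypothetical fetcher signature: (url, request headers) -> response body text.
# In practice this would be an HTTP client; the test below injects a stand-in.
Fetcher = Callable[[str, Dict[str, str]], str]

# Indicators drawn from the behaviour described above: a fake verification or
# "Working on updates" prompt plus page script that writes to the clipboard.
LURE_TEXT = re.compile(r"verify (you are|that you are) human|working on updates", re.I)
CLIPBOARD_WRITE = re.compile(r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I)

BROWSER_UA = "Mozilla/5.0 (constructed browser user agent for replay)"  # constructed


@dataclass
class TriageResult:
    direct_suspicious: bool
    replayed_suspicious: bool

    @property
    def gated(self) -> bool:
        # Lure visible on the replayed journey but not on the direct scan.
        return self.replayed_suspicious and not self.direct_suspicious


def looks_like_clickfix(html: str) -> bool:
    """Both a verification-style prompt and a clipboard write must be present."""
    return bool(LURE_TEXT.search(html)) and bool(CLIPBOARD_WRITE.search(html))


def triage(url: str, referrer: str, fetch: Fetcher) -> TriageResult:
    direct = fetch(url, {"User-Agent": "security-scanner/1.0"})
    replayed = fetch(url, {"User-Agent": BROWSER_UA, "Referer": referrer})
    return TriageResult(looks_like_clickfix(direct), looks_like_clickfix(replayed))


# Constructed stand-in for the network: serves the lure only when the request
# carries the referrer the (hypothetical) malvertising campaign expects.
BENIGN = "<html><body><h1>Welcome to our site</h1></body></html>"
LURE = ("<html><body><h1>Verify you are human</h1>"
        "<script>navigator.clipboard.writeText(cmd)</script></body></html>")


def simulated_gated_site(url: str, headers: Dict[str, str]) -> str:
    if headers.get("Referer", "").startswith("https://ads.example/"):
        return LURE
    return BENIGN
```

Running `triage("https://site.example/x", "https://ads.example/click", simulated_gated_site).gated` returns True, while the same call against a fetcher that always returns the benign page returns False.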
