THREATNOIR
Subscribe
Back to Feed
MalwareJun 5, 2026

We detected an evasive #ClickFix injection with a fake Lirunex payment platform lure tricking the...

ClickFix malware campaign uses fake Lirunex payment lure to deliver RAT via SSL cert dialog.

Read at source

Summary

Security researchers discovered an evasive ClickFix injection campaign leveraging a counterfeit Lirunex payment platform to trick users into requesting SSL certificate paths through a file dialog. The attack silently delivers a Remote Access Trojan (RAT) disguised as image files, combining social engineering with stealthy payload delivery mechanisms.

Indicators of Compromise

  • malware — ClickFix
  • malware — RAT

Entities

ClickFix (campaign)ClickFix operators (threat_actor)