[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy86TgXltAYj2avn2Hv4g62sxmXHkdd74s_BDL8tVq-w":3},{"article":4,"iocs":41},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":28},"e4548619-faf3-4519-aef0-678e13fbd241","We detected an evasive #ClickFix injection with a fake Lirunex payment platform lure tricking the...","we-detected-an-evasive-clickfix-injection-with-a-fake-lirunex-payment-platform-l-b1076c","We detected an evasive #ClickFix injection with a fake Lirunex payment platform lure tricking the user into requesting the SSL certificate path through a file dialog box but silently delivers a RAT disguised as image files. Details at https:\u002F\u002Ft.co\u002F3gOKYWrMLz https:\u002F\u002Ft.co\u002FeWk175TzMh","Security researchers discovered an evasive ClickFix injection campaign leveraging a counterfeit Lirunex payment platform to trick users into requesting SSL certificate paths through a file dialog. The attack silently delivers a Remote Access Trojan (RAT) disguised as image files, combining social engineering with stealthy payload delivery mechanisms.","ClickFix malware campaign uses fake Lirunex payment lure to deliver RAT via SSL cert dialog.",null,"https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2062945300382151027","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKENzSgWAAAUdKr.png","2026-06-05T17:11:01+00:00","2026-06-05T18:00:11.401799+00:00",7,[18,21],{"name":19,"type":20},"ClickFix","campaign",{"name":22,"type":23},"ClickFix operators","threat_actor","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":24,"icon":11,"name":26,"slug":27},"Malware","malware",[29,34,36],{"category":30},{"id":31,"icon":11,"name":32,"slug":33},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":35},{"id":24,"icon":11,"name":26,"slug":27},{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[42,44],{"type":27,"value":19,"context":43},"Evasive injection malware using fake payment platform lures",{"type":27,"value":45,"context":46},"RAT","Remote Access Trojan disguised as image files delivered via ClickFix campaign"]