Known malicious kitcriticalphishing

ClickFix FakeCAPTCHA — PowerShell variant

family: clickfix-fakecaptcha

Fake-CAPTCHA HTML page that copies a `powershell -enc <base64>` command to clipboard for the victim to paste into Win+R. Social-engineering pretext: "Verify you are human" / "Not a robot" / "Verification Steps" / "Press Windows Key + R / Ctrl + V / Enter". YARA rule reports 283 samples matched, >60% zero AV detection at time of analysis.

Fingerprint anchors

No JS-hash anchors (YARA-anchored kit).

Provenance

Added by: analyst

Added: 2026-05-27 10:49

YARA-anchored (no JS fingerprint — kit lives in HTML body / inline <script>). Trigger 090 auto-sights on every new yara_matches row.

Sightings (0)

No sightings recorded yet.