Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.

July 1, 2026

In the span of just two years, ClickFix has gone from an emerging social engineering technique to the overwhelming favorite among threat actors for malware delivery.

That's according to research from ReliaQuest, which analyzed threat activity from March 1 to May 31 and found that ClickFix dominated initial access and defense-evasion categories. ClickFix, a social engineering tactic first observed in 2024, tricks targeted individuals into copying and pasting malicious commands into system dialogs like Windows Terminal.

Attackers achieve this by presenting targets with error messages or verification prompts like CAPTCHA requests, which include text-based commands to "fix" whatever the issue is. This approach bypasses traditional file scanning and email-based defenses, ReliaQuest noted.