ClickFix Hack Fakes Cloudflare to Spread Malware

Cybersecurity researchers have uncovered a ClickFix malware campaign that leverages a counterfeit Cloudflare Turnstile—a system typically used to verify human users—to trick victims into downloading malicious software. The attack mimics Cloudflare’s “humanness” verification process to deceive users into believing they are interacting with a legitimate security check. Once engaged, the fraudulent interface initiates the installation of malware onto the victim’s device.

The spoofed Turnstile component plays a key role in the social engineering tactic, exploiting user trust in Cloudflare’s security tools. The deceptive strategy enables attackers to bypass user skepticism and deliver their payload with minimal resistance. Researchers analyzing the campaign highlighted the sophistication of the fake prompt, which closely resembles the authentic Cloudflare experience.

The discovery sheds light on a growing trend in which threat actors co-opt trusted technology brands to enhance the credibility of their attacks. Analysts warn that such methods may become more prevalent as attackers refine their evasion techniques.