SecurityWeek

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

A newly discovered InstallFix campaign relies on malicious commands on cloned installation webpages to trick victims into installing malware.
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
SecurityWeek

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

Microsoft warns ClickFix attacks targeting Windows Terminal to trick users into running malware

Windows Run is no longer the primary vessel for these attacks ...