Cyber Web Spider Blog – News

Microsoft Alerts to ClickFix Technique Exploiting DNS Queries

Posted on February 16, 2026 By CWS

Microsoft has issued an alert regarding a sophisticated method known as ClickFix, which is being used by cybercriminals to distribute malware through DNS query manipulation. This technique has gained traction over the past year among both independent cybercriminals and state-backed groups.

Understanding the ClickFix Technique

The ClickFix strategy involves displaying a deceptive error message on compromised or malicious websites. Victims are then instructed to resolve the fabricated issue by pressing specific keys and undertaking additional steps, such as executing commands. These actions inadvertently grant attackers elevated permissions, allowing them to download malicious software or run harmful scripts.

In a recent incident observed by Microsoft, the attack involved instructing victims to execute a command that performs a custom DNS lookup. This initial command is executed through cmd.exe, targeting an external DNS server instead of the usual system resolver. The output is filtered to extract specific DNS responses, which are used as a secondary payload.
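
One way to surface the behaviour described above from process-creation telemetry, added here as a defender-side example that is not taken from Microsoft's alert or from this article. It assumes the lookup is made with nslookup (the article does not name the tool), an allowlist of internal resolvers, and hypothetical event fields `image` and `command_line`; the sample events are constructed.

```python
import ipaddress
import re

APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}  # assumption: this site's internal resolvers
FILTER_TOOLS = ("findstr", "find", "for /f")  # assumed list of cmd.exe text filters
NSLOOKUP = re.compile(r"\bnslookup(?:\.exe)?\b([^|&]*)(.*)", re.IGNORECASE)

# Constructed process-creation events; names and addresses are placeholders.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": 'cmd.exe /c nslookup -type=A example.invalid 203.0.113.10 | findstr "Name"'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c nslookup intranet.corp.example 10.0.0.53"},
    {"image": r"C:\Windows\System32\nslookup.exe",
     "command_line": "nslookup www.example.com"},
    {"image": r"C:\Windows\System32\nslookup.exe",
     "command_line": "nslookup example.invalid 198.51.100.7"},
]

def explicit_server(args):
    """Server operand of 'nslookup [-option ...] name [server]', or None."""
    positional = [t for t in (x.strip('"') for x in args.split()) if t and not t.startswith("-")]
    return positional[1] if len(positional) >= 2 else None

def is_approved(server):
    try:
        return str(ipaddress.ip_address(server)) in APPROVED_RESOLVERS
    except ValueError:
        return False  # resolver given by hostname: not on the allowlist

def assess(event):
    """Reasons the event matches the described pattern; empty list means no match."""
    match = NSLOOKUP.search(event["command_line"])
    server = explicit_server(match.group(1)) if match else None
    if server is None or is_approved(server):
        return []  # system resolver or an approved one: nothing to report
    reasons = [f"lookup sent to non-approved resolver {server}"]
    if event["image"].lower().endswith("\\cmd.exe"):
        reasons.append("lookup launched through cmd.exe")
    tail = match.group(2).lower()
    if tail.startswith("|") and any(tool in tail for tool in FILTER_TOOLS):
        reasons.append("lookup output piped to a text filter")
    return reasons

def triage(events):
    return [(i, r) for i, e in enumerate(events) if (r := assess(e))]

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(index, "; ".join(reasons))
```

A single reason (a lookup sent to an outside resolver) also matches routine troubleshooting, so the number of reasons is the triage signal: all three together correspond to the pattern in the paragraph above.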

Leveraging DNS for Stealth

This approach enables attackers to establish connections to their own infrastructure while masking the operation within normal network traffic, thus improving their chances of avoiding detection. The subsequent payload is a Python script tailor-made for reconnaissance activities. Once executed, it downloads further malicious components and establishes a persistence mechanism.

The final stage involves deploying a remote access trojan (RAT) called ModeloRAT. This tool provides attackers with the capability to gather intelligence from the compromised system and deploy additional payloads as required.

Implications and Recent Findings

Although Microsoft has yet to release detailed information about specific attacks, cybersecurity firm Huntress has identified a group known as KongTuke utilizing a ClickFix variant named CrashFix to distribute ModeloRAT. This campaign has primarily targeted corporate environments, posing significant risks to organizational cybersecurity.

With the growing sophistication of these attacks, it is essential for organizations and individuals to remain vigilant and implement robust security measures to protect against such threats.

Related articles highlight additional cyber threats, such as over 300 malicious Chrome extensions and other advanced spyware kits, underscoring the need for comprehensive threat awareness.
