Cyber Web Spider Blog – News

Microsoft Unveils DNS ClickFix Attack Using Nslookup


Posted on February 15, 2026 By CWS

Microsoft has revealed a sophisticated variation of the ClickFix attack, leveraging Domain Name System (DNS) lookups to stage malware. This attack uses the ‘nslookup’ command, executed via the Windows Run dialog, to download malicious payloads. Targeting users through phishing, malvertising, and drive-by downloads, ClickFix has become a prevalent method for cybercriminals to trick victims into compromising their systems.

Understanding the ClickFix Tactic

ClickFix has gained traction over the past two years as attackers manipulate users into executing commands on their machines. The approach often involves directing users to deceptive webpages that mimic CAPTCHA verifications or suggest resolving non-existent issues. Once the command is executed, the malware is downloaded, enabling attackers to bypass traditional security measures easily.

Microsoft’s Threat Intelligence team highlighted that the latest DNS-based variation initiates a command through cmd.exe, performing a DNS lookup against an external server. The response is used to trigger the next stage of the attack, illustrating the tactic’s ability to blend malicious activities into standard network traffic.
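A detection sketch for the pattern described above, added here as an example and not taken from Microsoft's report: it scans process-creation events for `nslookup` invoked with an explicit DNS server that is not one of your own resolvers, and rates it higher when `cmd.exe` was started by `explorer.exe`, as happens with the Run dialog. The resolver allowlist, the sample events and the `id` field are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: resolvers your organisation operates; any other explicit server is external.
INTERNAL_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed process-creation events (field names follow Sysmon Event ID 1; "id" is ours).
SAMPLE_EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /c nslookup example.test 203.0.113.10',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"id": 2, "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": r"nslookup example.test 203.0.113.10",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"id": 3, "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": r"nslookup -type=mx example.test",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 4, "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": r"nslookup intranet.example.test 10.0.0.53",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()

def nslookup_server(command_line):
    """Return the explicit server argument of an nslookup call, or None."""
    # Syntax: nslookup [-option ...] name [server]; stop at shell operators.
    m = re.search(r'(?i)\bnslookup(?:\.exe)?"?\s+([^|&<>]*)', command_line)
    if not m:
        return None
    positional = [a for a in m.group(1).split() if not a.startswith("-")]
    return positional[1] if len(positional) >= 2 else None

def flag_nslookup_staging(events):
    """Return (id, server, severity) for lookups sent to a non-internal server."""
    findings = []
    for ev in events:
        server = nslookup_server(ev["CommandLine"])
        if server is None or server.lower() in INTERNAL_RESOLVERS:
            continue  # default resolver or one of ours: not this pattern
        run_dialog_like = (basename(ev["Image"]) == "cmd.exe"
                           and basename(ev["ParentImage"]) == "explorer.exe")
        findings.append((ev["id"], server, "high" if run_dialog_like else "medium"))
    return findings

if __name__ == "__main__":
    for finding in flag_nslookup_staging(SAMPLE_EVENTS):
        print(finding)
```

The `explorer.exe` to `cmd.exe` parentage is a heuristic, since other legitimate launches share it; treat a hit as a lead to correlate with DNS logs rather than as a verdict.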

The Role of DNS in Malware Distribution

Utilizing DNS as a communication channel, attackers can discreetly interact with their infrastructure, adding a validation layer before executing secondary payloads. By minimizing reliance on conventional web requests, this method camouflages the attack within normal activities, making it harder for security solutions to detect.

The malicious payload then runs an attack chain that downloads a ZIP file from an external server. The archive contains a Python script that conducts reconnaissance and deploys additional malware. The script eventually launches ModeloRAT, a Python-based remote access trojan, with persistent access established through a Windows shortcut file.

Broader Implications and Emerging Threats

Bitdefender has observed a rise in Lumma Stealer activities linked to ClickFix-style attacks, particularly those involving fake CAPTCHA campaigns. These methods often employ CastleLoader, a malware loader used by the threat actor GrayBravo, to infiltrate systems. Despite law enforcement efforts in 2025, Lumma Stealer operations have shown resilience, adapting to alternative methods and hosting providers.

Moreover, several campaigns have emerged, utilizing social engineering to deploy various stealers and loaders. Attackers exploit phishing, malvertising, and even AI platforms to spread malware. A notable macOS campaign employs Odyssey Stealer, targeting cryptocurrency users by exfiltrating sensitive data from browser wallets.

These developments underscore the need for vigilance, as attackers continuously refine their strategies. The DNS-based ClickFix attack highlights the evolving landscape of cyber threats and the importance of robust security practices to counteract these sophisticated methods.

The Hacker News Tags: CastleLoader, ClickFix, Cybersecurity, DNS attack, Lumma Stealer, Malvertising, Malware, Microsoft, Nslookup, Phishing

Copyright © 2026 Cyber Web Spider Blog – News.
