DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

Published: 1 month ago (March 30, 2026 at 11:47 AM EDT)

1 min read

Source: The Hacker News

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.

“It likely uses AI‑assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” — ReliaQuest researchers Thassanai

Back to Blog

Security news weekly round-up - 27th March 2026

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner Read the full articlehttps://thehackernews.com/2026/03/hackers-use-fake-resume...

Everything you need to know about the malware stealing data from Mac users

Mac users have a new malware threat to watch out for. According to a report by Malwarebyteshttps://www.malwarebytes.com/blog/threat-intel/2026/03/infiniti-steal...

New Infinity Stealer malware grabs macOS data via ClickFix lures

!https://www.bleepstatic.com/content/hl-images/2026/02/13/Apple2.jpg A new info‑stealing malware named Infinity Stealer is targeting macOS systems with a Python...

MacOS 26.4 Adds Warnings For ClickFix Attacks to Its Terminal App

Overview An anonymous Slashdot reader notes that ClickFix attackshttps://it.slashdot.org/story/25/11/11/2233201/clickfix-may-be-the-biggest-security-threat-you...

Related posts

Security news weekly round-up - 27th March 2026

Everything you need to know about the malware stealing data from Mac users

New Infinity Stealer malware grabs macOS data via ClickFix lures

MacOS 26.4 Adds Warnings For ClickFix Attacks to Its Terminal App