Site icon VMVirtualMachine.com

Microsoft Warns of ClickFix Attack Abusing DNS Lookups

Microsoft Warns of ClickFix Attack Abusing DNS Lookups

By Eduard Kovacs
Publication Date: 2026-02-16 11:56:00

Microsoft has warned users that threat actors are leveraging a new variant of the ClickFix technique to deliver malware.

The ClickFix attack method has been increasingly used in the past year by both cybercriminals and state-sponsored threat groups.

The attack involves attackers displaying a fake error message on a compromised or malicious site. The message instructs the target to address the issue by pressing specific keys, then performing additional steps (eg, running a command). By following the attacker’s instructions, the user unknowingly grants elevated permissions, downloads malware, or executes attacker-supplied scripts.

In a recent ClickFix attack observed by Microsoft the attacker asked targets to run a command that executes a custom DNS lookoup.

“The initial command runs through cmd.exe and performs a DNS lookup against a hard-coded external DNS server, rather than the system’s default resolver. The output is filtered to extract the ‘Name:’…

Exit mobile version