inksec

Has successfully completed 🎉

ClickFix - VodkaStealer Lab

NextGen Financial Solutions' Security Operations Center flagged anomalous PowerShell activity on an employee workstation during routine monitoring. Initial triage traced the activity back to a legitimate external website that had been compromised with a ClickFix overlay - a fake CAPTCHA verification prompt that silently copies a malicious command to the visitor's clipboard and instructs them to paste it into the Windows Run dialog. Before the incident response team could contain the threat, the attacker had already escalated privileges, moved laterally across the corporate network, and deployed a custom Infostealer dubbed "VodkaStealer" on multiple endpoints. Evidence suggests that sensitive data - including...
