ClickFix: The Attack That Turns Users Into Their Own Attackers
Check Point, Thursday, June 25th, 2026
Check Point introduced a behavior-based ClickFix detection engine to stop an attack that tricks users into running malicious commands.
Check Point's ThreatCloud AI team unveiled a new ClickFix detection engine built into its products to counter a rapidly spreading social-engineering attack.
ClickFix exploits user trust by displaying fake verification prompts that trick victims into copying and running malicious commands themselves, bypassing traditional endpoint defenses.
The engine uses behavioral analysis to spot telltale signs, such as fake verification prompts, clipboard copy instructions, and system command execution patterns, regardless of a domain's reputation.
Case studies cover both newly registered impostor domains and compromised legitimate websites, showing the engine catches the technique across delivery methods.