A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
„It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,“ ReliaQuest researchers Thassanai
https://thehackernews.com/2026/03/deepload-malware-uses-clickfix-and-wmi.html