The Reveal Platform
Intel Name: The clickfix factory: first exposure of iuam clickfix generator
Date of Scan: October 9, 2025
Impact: High
Summary: Attackers are leveraging a social engineering technique called ClickFix—which tricks users into manually executing malware—and are now packaging it into phishing kits for easy use. One such kit, the IUAM ClickFix Generator, automates the creation of deceptive phishing pages that mimic browser verification screens. It includes advanced features like OS detection and clipboard injection, enabling cross-platform malware delivery with minimal effort. This kit has been used to deploy malware such as DeerStealer and is part of a growing commercial phishing-as-a-service ecosystem focused on ClickFix-based attacks.
