Cybersecurity researchers have disclosed details of a new
campaign that combines ClickFix-style fake CAPTCHAs with a signed
Microsoft Application Virtualization (App-V) script to distribute
an information stealer called Amatera. "Instead of launching
PowerShell directly, the attacker uses this script to control how
execution begins and to avoid more common, easily recognized
execution paths,"
Read more https://thehackernews.com/2026/01/clickfix-attacks-expand-using-fake.html
