JackFix uses fake Windows update pop-ups to deliver stealers
⚠️ Cybersecurity researchers report a JackFix campaign that uses fake Windows Update pop-ups on cloned adult sites to trick users into running mshta.exe and PowerShell commands. According to Acronis and Huntress, the attack chain leverages obfuscation, privilege escalation and can deploy multiple stealers including Rhadamanthys, RedLine and Vidar. Organizations are advised to train users and consider disabling the Windows Run box via Group Policy or Registry changes to reduce risk.
