ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Summary
Multiple ClickFix campaigns are actively distributing new malware loaders, including BabaDeda Loader, Lorem Ipsum Loader, and Potemkin. BabaDeda Loader in particular has been observed targeting the education and financial sectors since April 2026.
IFF Assessment
FOE
The emergence and expansion of new malware loaders and campaigns directly threaten organizations by increasing the attack surface and potential for compromise.
Defender Context
Defenders should be aware of these expanding ClickFix campaigns and the specific malware loaders being used, such as BabaDeda, Lorem Ipsum, and Potemkin. Vigilance against fake update lures and an emphasis on robust endpoint detection and response are crucial to mitigating these threats.