Malware & Ransomware · HIGH

Ransomware Alert: Velvet Tempest Targets with ClickFix Technique

BleepingComputer · Mar 7, 2026
Velvet Tempest · ClickFix · DonutLoader · CastleRAT
Basically, a group of hackers is using sneaky methods to spread dangerous malware.

Quick Summary

A new ransomware threat is on the rise, linked to Velvet Tempest's ClickFix technique. Windows users are particularly at risk, as this method allows hackers to deploy dangerous malware. Stay vigilant and ensure your software is up to date to protect your data.

What Happened

A new wave of ransomware attacks has emerged, and it's alarming. The threat actors known as Velvet Tempest are leveraging a technique called ClickFix to spread their malicious software. This method allows them to use legitimate Windows utilities, making their actions harder to detect.

In the chaos, two significant threats have surfaced: DonutLoader malware and the CastleRAT backdoor. DonutLoader is designed to infiltrate systems stealthily, while CastleRAT gives hackers control over compromised devices. The combination of these tools is a serious concern for anyone using Windows.

Why Should You Care

You might think, "This doesn't affect me," but think again. If you use a Windows computer, your personal data and privacy are at risk. Imagine leaving your front door unlocked — that’s what using an unprotected device feels like. These hackers can steal your information, hold it for ransom, or even spy on you.

The key takeaway? Always be vigilant about your cybersecurity. Regularly update your software and be cautious about what you download. Your digital safety is just as important as your physical safety.

What's Being Done

In response to these attacks, cybersecurity experts are on high alert. They are analyzing the ClickFix technique and advising users on how to protect themselves. Here are some immediate actions you can take:

  • Keep your operating system and software updated.
  • Use reputable antivirus programs to detect and block threats.
  • Be cautious about clicking on links or downloading files from unknown sources.

Experts are closely monitoring Velvet Tempest's activities to anticipate their next moves. Stay informed and proactive to safeguard your devices.

🔒 Pro insight: Velvet Tempest's use of legitimate tools highlights the evolving tactics in ransomware attacks, necessitating enhanced detection strategies.

Original article from

BleepingComputer · Bill Toulas
