MEDIUMMalware
Global

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for

Analysis

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for
Source Attribution

Originally published by The Hacker News on Jun 16, 2026.

Related Threats

MEDIUMMalware

Rokarolla Android Banking Trojan Enables Device Takeover

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/rokarolla-android-banking-trojan-enables-device-takeover-image_small-4-a-31996.jpg" align=right hspace=4><b>Malware Targets Banks, Crypto Platforms and Social Media</b><br>Newly surfaced Android-based banking Trojan gives threat actors near-total control over infected devices, letting them steal user credentials for direct access

Bank Info Security
MEDIUMMalware

Fileless Phantom Stealer Targets Browser Credentials

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.

Dark Reading
MEDIUMMalware

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]

BleepingComputer