Sophisticated Phishing Kit IUAM ClickFix Generator Exposed
Cybersecurity researchers have uncovered a sophisticated phishing kit, dubbed IUAM ClickFix Generator, which has been used to create convincing browser verification pages to steal user data. The kit, active between mid-July and early October 2025, exploited WordPress theme vulnerabilities to distribute malicious scripts.
Palo Alto Networks researchers discovered the IUAM ClickFix Generator, a web application accessible via a specific IP address during the mentioned period. The kit enables attackers to customize phishing pages, including the title, domain, content, and prompts. It also employs obfuscation techniques and injects automatic clipboard-copy JavaScript commands, making it highly versatile and dangerous.
Several ClickFix-themed phishing pages created using this generator or its variants have been spotted. These pages targeted both Windows and macOS users, aiming to deliver infostealers. The generator can detect the victim's device type and tailor the malicious command accordingly, increasing the likelihood of success. One campaign was tied to the Odyssey malware-as-a-service (MaaS) offering, with variations reflecting customized deployments.
The IUAM ClickFix Generator highlights the evolving nature of phishing attacks, with cybercriminals increasingly employing sophisticated tools to create convincing lures. Users are advised to remain vigilant, especially when encountering browser verification pages, and to keep their systems and software up-to-date to protect against such threats.
