A new windows terminal vulnerability allowed attackers to bypass protections against run-dialog abuse.

A new ClickFix variant instructs victims to launch Windows Terminal instead of the traditional Run dialog to execute malicious PowerShell commands. This shift bypasses protections meant to detect Run‑dialog abuse and blends more seamlessly into legitimate administrative workflows. The attack triggers a multi‑stage chain that decodes embedded hex commands and ultimately installs the Lumma Stealer malware. Other variants link to batch scripts and MSBuild‑based execution and are part of a broader evolution of ClickFix‑style social‑engineering attacks

Read more:

https://www.securityweek.com/clickfix-attack-uses-windows-terminal-to-evade-detection/