At a Glance: ClickFix campaigns use three new malware loaders to specifically infiltrate educational and financial organizations.
Security researchers from Morphisec, BlueVoyant and Huntress document advanced ClickFix campaigns that employ three new malware loaders (BabaDeda, Lorem Ipsum, Potemkin) for infection. Targets increasingly include educational and financial organizations.
Cybersecurity analysts have identified multiple active ClickFix campaigns distributing three specialized malware loaders: BabaDeda Loader, Lorem Ipsum Loader and Potemkin. The three loaders were documented in independent research by Morphisec, BlueVoyant and Huntress, respectively.
BabaDeda attacks have been recorded since April 2026 and concentrate on the education and financial sectors. The campaigns employ social engineering tactics, particularly fake software update notifications, to trick users into executing malware. For CISOs, this poses a continuous threat, as attackers iteratively refine their loader techniques and deploy multiple distribution variants in parallel.
The diversification of loader names and functionality indicates organized, campaign-based infrastructure. Organizations should calibrate endpoint detection systems to these loader signatures and increase end-user awareness of suspicious update prompts.
Source: thehackernews.com · Published 16 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.