Skip to main content
Hijacked Discord Invite to ClickFix Loader: Tracing the Lure operation cover
COMING SOONBeginner

Hijacked Discord Invite to ClickFix Loader: Tracing the Lure

A finance analyst at Halcyon Wealth Partners clicked a recycled Discord invite that silently redirected to a fake-CAPTCHA ClickFix page. Following the on-screen prompt, they pasted a hidden PowerShell command that pulled a loader from GitHub, chained a Bitbucket second stage, and dropped AsyncRAT and the Skuld stealer. Walk the proxy, endpoint, and firewall evidence step by step to trace the lure, the loader, the C2 beacon, and the data theft.

25m
7 tasks
25 points
Free

Launches today

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

SIEMFirewall

What you'll investigate

7 objectives unlock when this operation goes live.

1Brief: a CAPTCHA that asks you to run a command
2Find the fake-CAPTCHA lure page
3Spot what the ClickFix prompt made the user run
4Trace where the loader pulled its first payload
5Identify the command-and-control address
6Find what stole the browser data
7Map the user-execution step to MITRE ATT&CK

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever

Hijacked Discord Invite to ClickFix Loader: Tracing the Lure — Coming Soon | SOCSimulator