
Hijacked Discord Invite to ClickFix Loader: Tracing the Lure
A finance analyst at Halcyon Wealth Partners clicked a recycled Discord invite that silently redirected to a fake-CAPTCHA ClickFix page. Following the on-screen prompt, they pasted a hidden PowerShell command that pulled a loader from GitHub, chained a Bitbucket second stage, and dropped AsyncRAT and the Skuld stealer. Walk the proxy, endpoint, and firewall evidence step by step to trace the lure, the loader, the C2 beacon, and the data theft.
Launches today
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever