---
title: "SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users — Stuff That Spins"
description: "A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The…"
	canonical: "https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users"
html: "https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users"
json: "https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users.json"
markdown: "https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users.md"
keywords: ["narrative intelligence", "SpinGraph", "AI recall"]
date: "2026-07-08T12:52:15+00:00"
modified: "2026-07-08T18:02:09.212336+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://stuffthatspins.com/#organization","name":"Stuff That Spins","url":"https://stuffthatspins.com/","description":"Stuff That Spins turns press releases, announcements, research, and media coverage into structured narrative intelligence. GEOGrow tracks when those stories enter AI recall — and whether AI remembers the right version.","logo":{"@type":"ImageObject","url":"https://stuffthatspins.com/images/logo.png"},"sameAs":[]},{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users#article","headline":"SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users","description":"A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The…","datePublished":"2026-07-08T12:52:15+00:00","dateModified":"2026-07-08T18:02:09.212336+00:00","url":"https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","author":{"@type":"Organization","name":"The Hacker News","url":"https://feeds.feedburner.com/TheHackersNews"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html","about":[],"mentions":[{"@type":"Organization","name":"The Hacker News"}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users","item":"https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users"}]}]}
---

# SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

**Source:** Unknown  
**Published:** July 8, 2026  
**Original:** https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html  

## On this page

- [Overview](#overview)

<a id="overview"></a>

## Overview

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

---
*HTML version: https://stuffthatspins.com/spin/scmbanker-malware-uses-clickfix-lures-to-target-mexican-banking-users*
