A recently discovered campaign, known as ClickFix, exploits Windows Terminal to deliver Lumma Stealer malware through social engineering tactics. Microsoft has warned of this campaign, which tricks users into executing malicious commands, posing a significant threat to Windows environments. The attackers leverage Windows Terminal to run a complex attack chain, ultimately deploying the Lumma Stealer malware. This campaign was uncovered by Microsoft Defender experts in February 2026, highlighting the growing risks associated with social engineering attacks on Windows systems1. The use of social engineering tactics to trick users into executing malicious commands underscores the importance of user awareness and education in preventing such attacks. The ClickFix campaign's ability to exploit Windows Terminal demonstrates the need for practitioners to remain vigilant and implement robust security measures to protect against these types of threats, as the success of such campaigns can have significant consequences for system security.