ClickFix: Browser-Spawned Scripting Engine for Initial Access

Detects the ClickFix social engineering initial access technique used by LeakNet and other ransomware actors, where attackers use fake browser prompts to trick users into running clipboard-copied commands. Flags scripting engines spawned directly from major web browsers — a high-confidence indicator of clipboard-hijack campaigns