Termite ransomware breaches linked to ClickFix CastleRAT attacks
Bleeping Computer
by Bill ToulasMarch 7, 2026
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Verticals
securitytech
Originally published on Bleeping Computer on 3/7/2026