What happened Researchers at Elastic Security Labs have uncovered a banking malware campaign, tracked as REF6045, that is actively targeting customers of Mexican banks, fintech companies, payment processors, and cryptocurrency exchanges. The operation uses ClickFix social engineering techniques to trick victims into infecting their own devices. According to researchers Jia Yu Chan and Salim Bitam, victims are presented with a fake CAPTCHA page that mimics a legitimate security check.