Beware: Fake Google Chrome Errors Contain Malicious PowerShell Scripts

Tech & AI | June 18, 2024, 4:23 a.m.

Multiple threat actors, including ClearFake and TA571, are running a new malware distribution campaign that tricks users into running malicious PowerShell "fixes" presented in fake Google Chrome, Word, and OneDrive error messages. The attacks, observed by Proofpoint, use website overlays, JavaScript, and compromised websites to prompt users to install malware. The clever social engineering tactics used in these attacks may lead users to unknowingly install DarkGate, NetSupport, and other malware payloads. The sophisticated attack chains vary in their initial stages, but all ultimately lead to the execution of malicious PowerShell commands, exploiting users' lack of awareness and Windows' vulnerabilities. The campaign shows how threat actors are evolving their tactics to infect a larger number of systems, and it underscores the importance of vigilance in recognizing and mitigating such attacks.