During routine analysis, CYJAX identified a typosquatting phishing campaign which impersonated the Optical Character Recognition (OCR) tool Tesseract OCR. What originally appeared to be a ClickFix attack evolved into a sophisticated campaign delivering multi-stage malware deployments. The campaign, which CYJAX has titled OCRFix, made use of heavy obfuscation and defence evasion techniques, including EtherHiding.