Threat Feed

Tag

Clickfix

4 briefs

high advisory

ClickFix Campaign Targets macOS Users with Infostealers via Fake Utility Fixes

The ClickFix campaign targets macOS users with fake utility fixes, tricking them into running malicious Terminal commands to install infostealing malware such as Macsync, Shub Stealer, and AMOS.

Microsoft Security Blog +2 macos infostealer clickfix terminal
2r 5t 5i

high advisory

ClickFix 'BackgroundFix' Campaign Delivers CastleLoader, NetSupport RAT, and CastleStealer

The 'BackgroundFix' ClickFix campaign uses social engineering to trick victims into downloading malware disguised as a free image-editing tool, leading to the deployment of CastleLoader, NetSupport RAT for remote access, and CastleStealer for credential theft.

Microsoft Windows +2 clickfix malware social-engineering rat infostealer castleloader netsupport
2r 3t 1i

high advisory

DeepLoad Malware Distributed via ClickFix

The DeepLoad malware steals credentials, installs malicious browser extensions, spreads via USB drives, and is being distributed via ClickFix campaigns using PowerShell loaders.

deepload clickfix credential-theft windows
2r 3t

high advisory

Potential Execution via FileFix Phishing Attack

Detects potential execution of Windows commands or downloaded files via the browser's dialog box, where adversaries may use phishing to instruct victims to copy and paste malicious commands for execution.

Elastic Defend +2 phishing execution filefix clickfix windows
2r 1t