The ClickFix Factory: First Exposure of IUAM ClickFix Generator

Oct. 13, 2025, 7:44 a.m.

Description

Palo Alto Unit 42 have uncovered a phishing kit named the IUAM ClickFix Generator that automates the creation of ClickFix attacks. The kit generates highly customizable phishing pages that lure victims by mimicking the browser verification challenges often used to block automated traffic. It includes advanced features such as operating system detection and clipboard injection, enabling low-effort, cross-platform malware deployment.

Date

  • Created: Oct. 10, 2025, 5:59 p.m.
  • Published: Oct. 10, 2025, 5:59 p.m.
  • Modified: Oct. 13, 2025, 7:44 a.m.

Indicators


Attack Patterns

  • Odyssey
  • DeerStealer

Additional Information

  • Information Technology
  • Canada