Think before you Click(Fix): Analyzing the ClickFix social engineering technique
Aug. 21, 2025, 9:46 p.m.
Description
The ClickFix social engineering technique has gained popularity among threat actors, targeting thousands of devices globally. It tricks users into executing malicious commands on their own devices by exploiting their tendency to try to fix minor technical issues themselves. The technique often impersonates legitimate brands and is combined with delivery vectors such as phishing and malvertising. ClickFix campaigns typically lead users to a visual lure, such as a landing page, that instructs them to run commands in the Windows Run dialog. Because the user performs the execution step, the technique helps bypass conventional security solutions. Various malware families, including infostealers and remote access tools, are delivered through ClickFix attacks. The technique has evolved to target macOS users and is being sold as part of malware kits on hacker forums.
Date
- Created: Aug. 21, 2025, 9:03 p.m.
- Published: Aug. 21, 2025, 9:03 p.m.
- Modified: Aug. 21, 2025, 9:46 p.m.
Indicators
Attack Patterns
- Lampion
- Atomic macOS Stealer (AMOS)
- MintsLoader
- Latrodectus
- ScreenConnect
- Lumma Stealer
- DarkGate
Additional Information
- Transportation
- Education
- Finance
- Government
- Luxembourg
- Hungary
- Portugal
- Switzerland
- Spain
- Canada
- France
- Germany
- Mexico
- Brazil
- United States of America