Tag: clickfix

Infinity Stealer Targets macOS Users Through ClickFix Social Engineering

Security researchers have identified Infinity Stealer, a new macOS-targeting info-stealing malware that uses ClickFix social engineering lures to trick users into executing Python payloads compiled with Nuitka. The malware harvests system information, browser data, and credentials from infected machines.

Mar 29, 2026BleepingComputer

macosinfo-stealersocial-engineering

🇺🇸Apple

mediumData Breaches & Incidents

ClickFix Campaign Evolution: Drive Mapping, VPN Spoofing, and Developer-Targeted Attacks

Security researchers have identified an evolution in ClickFix social engineering attacks, with new variants mapping attacker-controlled network drives, Storm-2561 using fake Fortinet/Ivanti VPN sites to distribute Hyrax infostealer, and MacSync malware targeting developers via fraudulent Claude AI extensions.

Mar 18, 2026Hackread

clickfixsocial-engineeringinfostealer

🇺🇸Google

criticalMalware & Threats

CISA Flags Active Exploitation While New Ransomware Tactics and AI Shadow Operations Emerge

CISA added a Wing FTP Server vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation. Meanwhile, LeakNet ransomware has evolved to use ClickFix social engineering techniques, and security teams face growing challenges from unauthorized AI tools in enterprise environments.

Mar 17, 2026BleepingComputer, Graham Cluley, Checkpoint Research, Malwarebytes Labs

ransomwarecisa-kevmalware

🇺🇸Google

highVulnerabilities & Exploits

Microsoft Patches RCE in Windows RRAS, Storm-2561 Deploys Trojan VPN Clients via SEO Poisoning

Microsoft addressed a remote code execution vulnerability in Windows RRAS while threat actors continue deploying sophisticated social engineering campaigns including trojan VPN clients and evolved ClickFix techniques. Multiple library vulnerabilities across CoreDNS, zlib, and other components require attention.

Mar 14, 2026The Hacker News, SANS ISC, MSRC Security Updates

remote-code-executionwindows-rrasseo-poisoning

🇺🇸Meta Platforms

highData Breaches & Incidents

Iran's MuddyWater Targets US Firms, macOS Stealer Campaign, and HIBP Surge

Iran's MuddyWater hackers deployed new Dindoor backdoor against US companies while cybercriminals used fake CleanMyMac sites to distribute macOS stealer malware. Meanwhile, Have I Been Pwned processed five major breaches in two days, highlighting an acceleration in data compromise incidents.

Mar 10, 2026Hackread, Troy Hunt

muddywateraptmacos

🇮🇷MuddyWater

highMalware & Threats

Velvet Tempest Links Termite Ransomware to ClickFix CastleRAT Campaign

Security researchers have linked Termite ransomware deployments to Velvet Tempest threat actors using the ClickFix social engineering technique. The campaign leverages legitimate Windows utilities and deploys DonutLoader malware along with the CastleRAT backdoor to establish persistence before ransomware execution.

Mar 8, 2026BleepingComputer

termite-ransomwarevelvet-tempestclickfix

mediumMalware & Threats

Compromised QuickLens Chrome Extension Deploys Crypto-Stealing Malware via ClickFix Tactics

The QuickLens Chrome extension was compromised to deliver crypto-stealing malware to thousands of users through ClickFix social engineering tactics. Google has since removed the malicious extension from the Chrome Web Store.

Mar 1, 2026BleepingComputer

browser-extensionscrypto-theftclickfix

🇺🇸Google

mediumMalware & Threats

ClickFix Campaign Expands to Target Cryptocurrency Wallets and 25+ Browsers

CyberProof researchers document ClickFix operation's expansion into cryptocurrency theft, using fake captchas to deploy infostealers across 25+ browsers and MetaMask wallets.

Feb 22, 2026Hackread

infostealerclickfixcryptocurrency

highIndustry & Policy

Supply Chain Malware, Nation-State Attacks, and Living-Off-the-Land Techniques Dominate Threat Landscape

Week brings supply chain Android malware, Russian attacks on Polish energy, RMM tool abuse surge, evolved ClickFix campaigns, and Singapore's successful defense against Chinese hackers.

Feb 18, 2026Dark Reading

supply-chainnation-stateandroid-malware

mediumMalware & Threats

MacSync Malware Campaign Hijacks Google Ads and Impersonates Claude AI

Threat actors exploit hijacked Google Ads and fake Claude AI tutorials to distribute MacSync data-stealing malware targeting Mac users through ClickFix attack vectors.

Feb 17, 2026Hackread

macsyncclickfixgoogle-ads

🇺🇸Google🇺🇸Apple

criticalMalware & Threats

Threat Roundup: Zero-Days, Data Breaches, and Evolving Attack Vectors

Critical Chrome zero-day, BeyondTrust vulnerability, major data breaches at Eurail and Canada Goose, plus evolving infostealer campaigns targeting AI frameworks.

Feb 17, 2026BleepingComputer, Checkpoint Research, Malwarebytes Labs

ransomwaredata-breachzero-day

🏴ShinyHunters

🇺🇸Google