ClickFix Campaigns Targeting Windows and macOS
Essential information
- Published: 25/03/2026 21:48
- Modified: 27/03/2026 00:09
- Tags: 2026-03-25, clickfix, initial access, living-off-the-land, lumma stealer, lummastealer, macos, macsync, netsupport rat, obfuscation, odyssey stealer, redline stealer, social engineering, vidar, windows
- Related entities: 18 observables, 19 techniques (mitre), 123 others
Description
Insikt Group identified five distinct clusters using the ClickFix social engineering technique for initial access. These clusters impersonate services such as Intuit QuickBooks and Booking.com, and show operational variance while sharing similar core techniques. ClickFix manipulates victims into executing malicious commands within native system tools, bypassing traditional security controls. The methodology has become a standardized template for cybercriminals and APT groups. Campaigns target diverse sectors and use sophisticated obfuscation and living-off-the-land tactics. Defenders are advised to implement aggressive behavioral hardening and user awareness training to mitigate these threats.