216.73.217.22

ClickFix Campaigns Targeting Windows and macOS

· Published 25/03/2026 21:48 · Modified 27/03/2026 00:09

Export JSON

Essential information

Published
25/03/2026 21:48
Modified
27/03/2026 00:09
Tags
2026-03-25 clickfix initial access living-off-the-land lumma stealer lummastealer macos macsync netsupport rat obfuscation odyssey stealer redline stealer social engineering vidar windows
Related entities
18 observables, 19 techniques (mitre), 123 others

Description

Insikt Group identified five distinct clusters using the technique for . These clusters impersonate various services like Intuit QuickBooks and Booking.com, demonstrating operational variance but similar core techniques. manipulates victims into executing malicious commands within native system tools, bypassing traditional security controls. The methodology has become a standardized template for cybercriminals and APT groups. Campaigns target diverse sectors and use sophisticated and tactics. Defenders are advised to implement aggressive behavioral hardening and user awareness training to mitigate these threats.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (18)

  • 193.35.17.12
  • 91.202.233.206
  • 45.144.233.192
  • 62.164.177.230
  • 45.93.20.50
  • 193.58.122.97
  • 77.91.65.144
  • 152.89.244.70
  • 94.156.112.115
  • 77.91.65.31
  • 193.222.99.212
  • 45.93.20.141
  • http://alababababa.cloud/cVGvQio6.txt.
  • c0af6e9d848ada3839811bf33eeb982e6c207e4c40010418e0185283cd5cff50
  • 43907e54cf3d1258f695d1112759b5457576481072cc76a679b8477cfeb3db87
  • 397dcea810f733494dbe307c91286d08f87f64aebbee787706fe6561ed3e20f8
  • b17c3e4058aacdcc36b18858d128d6b3058e0ea607a4dc59eb95b18b7c6acc7c
  • 5d821db386c7c879caeabf3e9f94c94a48eec6ec5a3a0efbae9d69da3f52c1db

Techniques (MITRE) (19)

Others (123)

  • Accounting
  • Finance
  • Technology
  • Real Estate
  • Travel
  • Government
  • anthonydee.com
  • admin-activitycheck.com
  • appsmacosx.com
  • cryptoinfo-news.com
  • checkhelpdesk.com
  • fomomforhealth.com
  • bancatangcode.com
  • gobirdrank.com
  • appxmacos.com
  • billiardinstitute.com
  • traderslinkfx.com
  • guypinions.com
  • birdrankusa.com
  • checkaccountactivity.com
  • helpbirdrep.com
  • financementure.com
  • getbirdrank.com
  • bkng-updt.com
  • account-help.info
  • bitbirdrank.com
  • birdrankus.com
  • birdrankinc.com
  • orkneygateway.com
  • quiptly.com
  • accountpulse.help
  • birdrankfx.com
  • elive123go.com
  • birdrankvip.com
  • account-helpdesk.icu
  • acconthelpdesk.com
  • account-helpdesk.info
  • birdrepusa.com
  • probirdrep.com
  • ned.coveney-ltd.com
  • joeyapple.com
  • macosx-apps.com
  • macosxapp.com
  • justbirdrank.com
  • macosxappstore.com
  • nowbirdrank.com
  • apple.assistance-tools.com
  • birdrepuse.com
  • birdrankbox.com
  • mac-os-helper.com
  • surecomforts.com
  • macapps-apple.com
  • macosx-app.com
  • subsgod.com
  • mybirdrank.com
  • birdreplab.com
  • elive777a.com
  • birdrankup.com
  • valetfortesla.com
  • appmacosx.com
  • vipbirdrank.com
  • hostmaster.extracareliving.com
  • sign-in-op-token.com
  • fixbirdrank.com
  • gologpoint.com
  • helpbirdrank.com
  • topbirdrank.com
  • checkpulse.com
  • apple.diagnostic.wiki
  • nhacaired88.com
  • thepulseactivity.com
  • deinhealthcoach.com
  • birdrankzen.com
  • birdrepbiz.com
  • bitbirdrep.com
  • usbirdrank.com
  • macxapp.com
  • alababababa.cloud
  • appmacintosh.com
  • birdrepgo.com
  • ustazazharidrus.com
  • visitbundala.com
  • checkpulses.com
  • birdrepsys.com
  • macintosh-hub.com
  • macapp-apple.com
  • birdrankllc.com
  • bebirdrank.com
  • macxapp.org
  • octopox.com
  • thestayreserve.com
  • account-helpdesk.top
  • pulse-help-desk.com
  • nobovcs.com
  • 4freepics.com
  • grandmastertraders.traderslinkfx.com
  • helpdeskpulse.com
  • topbirdrep.com
  • accountmime.com
  • acebirdrep.com
  • yvngvualr.com
  • optbirdrank.com
  • macos-storageperf.com
  • ms-scedg.com
  • chrm-srv.com
  • macosapp-apple.com
  • infobirdrep.com
  • theinvestworthy.com
  • ariciversontile.com
  • cryptonews-info.com
  • usebirdrep.com
  • shopifyservercloud.com
  • birdranktip.com
  • birdrankgo.com
  • hotelupdatesys.com
  • mrinmay.net
  • extracareliving.com
  • birdrephelp.com
  • cryptoinfo-allnews.com
  • apposx.com
  • birdrankmax.com
  • customblindinstall.com
  • cryptoinfnews.com

External references