Think before you Click(Fix): Analyzing the ClickFix social engineering technique

· Published 21/08/2025 21:03 · Modified 21/08/2025 21:46

Essential information

Tags
2025-08-21 atomic macos stealer (amos) darkgate infostealer lampion latrodectus lumma stealer macos malvertising mintsloader obfuscation phishing remote access tool screenconnect social engineering windows run dialog
Related entities
10 observables, 7 malware, 15 others

Description

The ClickFix technique has gained popularity among threat actors, targeting thousands of devices globally. It tricks users into executing malicious commands on their devices by exploiting their tendency to solve minor technical issues. The technique often impersonates legitimate brands and is combined with delivery vectors like phishing and malvertising. ClickFix campaigns typically lead users to a visual lure, such as a landing page, instructing them to run commands in the Windows Run dialog. This user interaction element helps bypass conventional security solutions. Various malware, including infostealers and remote access tools, are delivered through ClickFix attacks. The technique has evolved to target macOS users and is being sold as part of malware kits on hacker forums.