This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and macOS systems, spreading infostealers like Stealc, Rhadamanthys, and AMOS Stealer. The operation is linked to cybercrime groups 'Slavic Nation Empire' and 'Scamquerteo', sub-teams of larger cryptocurrency scam organizations. The report details the infection chain, infrastructure, and provides insights into the broader malware distribution ecosystem associated with these threat actors.