PULSE NAME
ClickFix-style commands disguised as tech tips across social media platforms and beyond
WHITE PetrP.73 2026-04-17 Modified: 2026-04-17
29 IOCs
MEDIUM VOLUME
ClickFix-style attacks have emerged as a significant cyber threat, exploiting social media and video content to deliver malware effectively. These attacks prompt unsuspecting victims to execute seemingly harmless commands on their machines, which initiates a chain of malicious activities resulting in the installation of malware, most notably the Vidar information stealer. In a case investigated by WithSecure's Managed Detection and Response team, this method was demonstrated when a corporate endpoint executed a ClickFix command disguised as a tech tip, compromising the system.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClickFix Vidar
Indicators of Compromise (3 / 29 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 0205b1b8c5564acfb55991eeb19bce58 MD5 of 6d897b5661aa438a96ac8695c54b7c4f3a1fbf1b628c8d2011e50864860c6b23 2026-04-17
FileHash-MD5 3ba045cbe9734967ff33e8c18d5cf9f8 MD5 of c9d98eaf38adb0bc078d8c197aebd4ddb9221a4d4833578ef6170252a2cf4398 2026-04-17
FileHash-MD5 74feaad63959f3266753f8f6e753af41 MD5 of 789284801ce260e1b5d0b1f1eca2aedcab472f5ccb8b8cfc89a1f8134bdc416c 2026-04-17