← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix-style commands disguised as tech tips across social media platforms and beyond
WHITE PetrP.73 2026-04-17 Modified: 2026-04-17
29
IOCs
MEDIUM VOLUME
ClickFix-style attacks have emerged as a significant cyber threat, exploiting social media and video content to deliver malware effectively. These attacks prompt unsuspecting victims to execute seemingly harmless commands on their machines, which initiates a chain of malicious activities resulting in the installation of malware, most notably the Vidar information stealer. In a case investigated by WithSecure's Managed Detection and Response team, this method was demonstrated when a corporate endpoint executed a ClickFix command disguised as a tech tip, compromising the system.
researchblog postmalwarewithsecure threat intelligence teamdomain namesha256withsecureclickfixgoogle searchusernameinstagram userjavascriptstingrfacebookpowershellvidarfebruarydefenderstealcps2exemarkcontact
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClickFix Vidar
Indicators of Compromise (3 / 29 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 680b50da1cba2061ed2f3fa6b717e49ab0310176 SHA1 of 789284801ce260e1b5d0b1f1eca2aedcab472f5ccb8b8cfc89a1f8134bdc416c 2026-04-17
FileHash-SHA1 6e78657fa6f48b2ad16c72207cba9c2205f1ba48 SHA1 of c9d98eaf38adb0bc078d8c197aebd4ddb9221a4d4833578ef6170252a2cf4398 2026-04-17
FileHash-SHA1 e295d4740de0db39f1a286bcff416c28530524a7 SHA1 of 6d897b5661aa438a96ac8695c54b7c4f3a1fbf1b628c8d2011e50864860c6b23 2026-04-17
References (1)
↗ https://labs.withsecure.com/publications/clickfix-social-media