← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
WHITE MarinaDiamandis 2026-05-11 Modified: 2026-05-11
95
IOCs
HIGH VOLUME
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt to take advantage of users who are looking for helpful advice on macOS-related issues (for example, optimizing their disk space) in blog sites and other user-driven content platforms by hosting their malicious commands in these sites.
Indicators of Compromise (4 / 95 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 22d051c9cc458012b98e9bdca501759e MD5 of 9d2da07aa6e7db3fbc36b36f0cfd74f78d5815f5ba55d0f0405cdd668bd13767 2026-05-11
FileHash-MD5 6bdc50f8fd33068331e16766fd5f3b63 MD5 of 241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05 2026-05-11
FileHash-MD5 8a43b2d626ad00289053ab73374bbc2b MD5 of 7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae 2026-05-11
FileHash-MD5 8bfa2df2110c38dff2359a416ce14693 MD5 of 522fdfaff44797b9180f36c654f77baf5cdeaab861bbf372ccfc1a5bd920d62e 2026-05-11
References (1)
↗ https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/