← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
WHITE MarinaDiamandis 2026-05-11 Modified: 2026-05-11
95
IOCs
HIGH VOLUME
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt to take advantage of users who are looking for helpful advice on macOS-related issues (for example, optimizing their disk space) in blog sites and other user-driven content platforms by hosting their malicious commands in these sites.
Indicators of Compromise (4 / 95 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 12633ed0d82597140207602d76aefe1b81352d77 SHA1 of 7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae 2026-05-11
FileHash-SHA1 286d5ca9275a8516cd0573d0750896f46090345c SHA1 of 241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05 2026-05-11
FileHash-SHA1 5144bf4e32c5832c426ad3da55d45f026f66bc95 SHA1 of 522fdfaff44797b9180f36c654f77baf5cdeaab861bbf372ccfc1a5bd920d62e 2026-05-11
FileHash-SHA1 a2421f7fd4be6b12382150033507af7aa8bf6241 SHA1 of 9d2da07aa6e7db3fbc36b36f0cfd74f78d5815f5ba55d0f0405cdd668bd13767 2026-05-11
References (1)
↗ https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/