← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
WHITE MarinaDiamandis 2026-05-11 Modified: 2026-05-11
95
IOCs
HIGH VOLUME
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt to take advantage of users who are looking for helpful advice on macOS-related issues (for example, optimizing their disk space) in blog sites and other user-driven content platforms by hosting their malicious commands in these sites.
Indicators of Compromise (16 / 95 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://lakhov.com/contact 2026-05-11
URL http://paralegalmustang.icu/script.sh 2026-05-11
URL https://avipstudios.com/contact 2026-05-11
URL https://cauterizespray.icu/script.sh 2026-05-11
URL https://enslaveculprit.digital/script.sh 2026-05-11
URL https://joytion.com/contact 2026-05-11
URL https://kvrnjr30.apexharvestor.digital 2026-05-11
URL https://laislivon.com/contact 2026-05-11
URL https://mpasvw.com/contact 2026-05-11
URL https://qjywvkbl.degassing-mould.digital 2026-05-11
URL https://resilientlimb.icu/script.sh 2026-05-11
URL https://round5on.digital/script.sh 2026-05-11
URL https://thickentributary.digital/script.sh 2026-05-11
URL https://www.iru.com/blog/atomic-stealer-amos-returns 2026-05-11
URL https://yygp4pdh.apexharvestor.digital 2026-05-11
URL https://zg5mkr7q.apexharvestor.digital 2026-05-11
References (1)
↗ https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/