← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
WHITE MarinaDiamandis 2026-05-11 Modified: 2026-05-11
80
IOCs
HIGH VOLUME
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt to take advantage of users who are looking for helpful advice on macOS-related issues (for example, optimizing their disk space) in blog sites and other user-driven content platforms by hosting their malicious commands in these sites.
Indicators of Compromise (4 / 80 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05 2026-05-11
FileHash-SHA256 522fdfaff44797b9180f36c654f77baf5cdeaab861bbf372ccfc1a5bd920d62e SHA256 of 5144bf4e32c5832c426ad3da55d45f026f66bc95 2026-05-11
FileHash-SHA256 7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae 2026-05-11
FileHash-SHA256 9d2da07aa6e7db3fbc36b36f0cfd74f78d5815f5ba55d0f0405cdd668bd13767 SHA256 of a2421f7fd4be6b12382150033507af7aa8bf6241 2026-05-11
References (1)
↗ https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/