Researchers identified three distinct ClickFix campaigns that actively deliver a macOS information stealer known as MacSync.
“Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running unknown and obfuscated terminal commands,” Sophos researchers Jagadeesh Chandraiah, Tonmoy Jitu, Dmitry Samosseiko, and Matt Wixey said.
However, researchers still cannot confirm whether a single threat actor operates all three campaigns. Meanwhile, Jamf Threat Labs also flagged the use of ClickFix lures to distribute malware in December 2025.
Breakdown of the Three ClickFix Campaigns
In November 2025, attackers used OpenAI’s ChatGPT Atlas web browser as bait. They placed sponsored search results on Google, which redirected users to a fake Google Sites page.
Once users clicked the download button, the page displayed instructions prompting them to open the Terminal app and paste a command. That command downloaded a shell script that prompted for the system password and executed MacSync with user-level permissions.
Next, in December 2025, attackers launched a malvertising campaign using sponsored Google links tied to queries like “how to clean up your Mac.”
These links redirected users to shared conversations on the legitimate ChatGPT site, creating a false sense of trust. Subsequently, those conversations led victims to malicious GitHub-themed pages, where attackers tricked them into executing harmful Terminal commands.
More recently, in February 2026, attackers targeted users in Belgium, India, and parts of North and South America.
They distributed a new MacSync variant through ClickFix lures. Notably, this version supports dynamic AppleScript payloads and in-memory execution, which helps it evade static analysis, bypass behavioral detection, and complicate incident response.
How the MacSync Payload Operates
After users run the malicious Terminal command, the shell script contacts a hard-coded server and retrieves an AppleScript infostealer payload. At the same time, it removes traces of the activity to reduce forensic evidence.
The MacSync stealer then collects a wide range of sensitive data, including:
- Credentials
- Files
- Keychain databases
- Cryptocurrency wallet seed phrases
Overall, the latest findings indicate that threat actors continuously adapt ClickFix techniques to stay ahead of security defenses. At the same time, they exploit the trust associated with ChatGPT conversations to persuade users to execute malicious commands.
The new variant observed in the most recent campaign “likely represents the malware developer adjusting to OS and software security measures to maintain effectiveness,” Sophos said. “Refinements to the typical ClickFix social engineering tactics are therefore one way in which such campaigns may continue to evolve in the future.”
Expansion of ClickFix and InstallFix Campaigns
In recent months, attackers have expanded ClickFix campaigns by leveraging legitimate platforms such as Cloudflare Pages, Squarespace, and Tencent EdgeOne to host fake installation instructions for tools like Anthropic’s Claude Code. They then distribute these URLs via malicious search ads.
As with ClickFix, these instructions deceive users into installing infostealers such as Amatera Stealer. Researchers now refer to this variation as InstallFix or GoogleFix.
According to Nati Tal, head of Guardio Labs, similar attack chains also deploy:
- Alien infostealer on Windows
- Atomic Stealer on macOS
Furthermore, the PowerShell command tied to fake Claude Code installation downloads a legitimate Chrome extension package hidden inside a malicious HTA file. This file then launches an obfuscated .NET loader for Alien directly in memory.
“While traditional ClickFix attacks need to manufacture a reason for the user to run a command: a fake CAPTCHA, a fabricated error message, a bogus system prompt — InstallFix doesn’t need any of that,” Push Security said. “The pretext is simply the user wanting to install legit software.”
AI Tools Increasingly Targeted by Malware Campaigns
At the same time, Pillar Security identified at least 20 malware campaigns targeting AI and vibe coding tools between February and March 2026.
These targets include:
- Code editors
- AI agents
- Large language model (LLM) platforms
- Browser extensions
- Video generators
- Business tools
Notably:
- Nine campaigns target both Windows and macOS
- Seven campaigns focus exclusively on macOS
“The reason is clear: AI/vibe coding tool users skew heavily toward macOS, and macOS users tend to have higher-value credentials (SSH keys, cloud tokens, cryptocurrency wallets),” Pillar Security researcher Eilon Cohen said.
“The ClickFix/InstallFix technique (tricking users into pasting commands into Terminal) is uniquely effective against developers because curl | sh is a legitimate installation pattern. Homebrew, Rust, nvm, and many other developer tools use this exact pattern. The malicious commands hide in plain sight.”
ClickFix Adoption Spreads Across Threat Actors
As a result of its effectiveness, multiple threat groups have adopted ClickFix tactics.
For example, a traffic distribution system (TDS) known as KongTuke (also called 404 TDS, Chaya_002, LandUpdate808, and TAG-124) uses compromised WordPress sites and fake CAPTCHA lures to deliver a Python-based trojan called ModeloRAT.
Attackers inject malicious JavaScript into legitimate websites, prompting users to execute a PowerShell command that initiates a multi-stage infection chain.
“The group continues to use this method alongside the newer CrashFix technique, which tricks users into installing a malicious browser extension to initiate infection,” Trend Micro said. “The malware specifically checks whether a system is part of a corporate domain and identifies installed security tools before continuing, suggesting a focus on enterprise environments rather than opportunistic infections.”
Additionally, KongTuke campaigns use DNS TXT records to stage commands that download and execute malicious PowerShell scripts.
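The DNS TXT staging described above gives defenders a detection opportunity: a resolver log can be screened for TXT answers that decode to a command launcher. The following Python is an added example written for this article, not code from Trend Micro or any vendor; the log format (client, query name, record type, answer) and the flagged record values are constructed, and the "staged" value is a harmless placeholder. It decodes candidate values both as plain UTF-8 and as UTF-16LE, because PowerShell's encoded-command form is base64 over UTF-16LE text, and it whitelists common legitimate TXT prefixes (SPF, DMARC, DKIM) to keep noise down.

```python
import base64
import math
import re
from typing import Dict, List

# Constructed placeholder standing in for a staged command (not a real payload).
STAGE_CMD = 'powershell -w hidden -c "Write-Host CONSTRUCTED_TEST"'

# Constructed resolver log lines: "<client> <qname> <type> <answer>".
# Lines 3 and 4 carry the placeholder encoded as UTF-8 and as UTF-16LE base64.
SAMPLE_LOG = [
    '10.0.0.5 example.com TXT "v=spf1 include:_spf.example.com -all"',
    '10.0.0.5 _dmarc.example.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"',
    '10.0.0.7 stage.constructed-test.invalid TXT "'
    + base64.b64encode(STAGE_CMD.encode("utf-8")).decode() + '"',
    '10.0.0.7 stage2.constructed-test.invalid TXT "'
    + base64.b64encode(STAGE_CMD.encode("utf-16le")).decode() + '"',
]

# Keywords that indicate a download-and-execute launcher rather than data.
SUSPICIOUS_TOKENS = re.compile(
    r"powershell|\biex\b|invoke-expression|downloadstring|downloadfile|"
    r"invoke-webrequest|\bcurl\b|\bwget\b|mshta|certutil|cmd(\.exe)?\s*/c",
    re.I,
)
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Legitimate TXT usages that should never be flagged by the decoder stage.
KNOWN_GOOD_PREFIXES = ("v=spf1", "v=DMARC1", "v=DKIM1", "google-site-verification=")


def shannon_entropy(s: str) -> float:
    """Bits per character; long base64 command blobs sit well above plain text."""
    if not s:
        return 0.0
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def decode_candidates(value: str) -> List[str]:
    """Return printable ASCII decodings of a base64 value (UTF-16LE first, then UTF-8)."""
    out: List[str] = []
    if not BASE64_RE.match(value):
        return out
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, base64.binascii.Error):
        return out
    for enc in ("utf-16le", "utf-8"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        # Wrong-encoding decodes produce NULs or non-ASCII; drop those.
        if text.isascii() and text.isprintable():
            out.append(text)
    return out


def parse_line(line: str) -> Dict[str, str]:
    client, qname, rtype, answer = line.split(" ", 3)
    return {"client": client, "qname": qname, "type": rtype, "answer": answer.strip('"')}


def analyze_txt(value: str) -> Dict:
    finding: Dict = {"value": value, "reasons": [], "decoded": None}
    if value.startswith(KNOWN_GOOD_PREFIXES):
        return finding
    if SUSPICIOUS_TOKENS.search(value):
        finding["reasons"].append("launcher keyword in cleartext")
    for text in decode_candidates(value):
        if SUSPICIOUS_TOKENS.search(text):
            finding["reasons"].append("launcher keyword after base64 decode")
            finding["decoded"] = text
            break
    if BASE64_RE.match(value) and len(value) >= 40 and shannon_entropy(value) > 4.5:
        finding["reasons"].append("long high-entropy base64 value")
    return finding


def flag_staging(log_lines: List[str]) -> List[Dict]:
    """Return findings for TXT answers that look like staged commands."""
    flagged = []
    for line in log_lines:
        rec = parse_line(line)
        if rec["type"] != "TXT":
            continue
        f = analyze_txt(rec["answer"])
        if f["reasons"]:
            f["qname"], f["client"] = rec["qname"], rec["client"]
            flagged.append(f)
    return flagged


if __name__ == "__main__":
    for f in flag_staging(SAMPLE_LOG):
        print(f["client"], f["qname"], f["reasons"], repr(f["decoded"]))
```

The entropy check is deliberately a weak, secondary signal: decoding and keyword matching is what separates a staged launcher from an ordinary verification token, and a hit should be pivoted on the client IP and query name rather than acted on alone.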
Researchers have also observed several ClickFix-style pastejacking attacks, including:
- Compromised websites displaying fake “Aw Snap!” errors or browser updates to distribute malware
- Malvertising campaigns delivering Remcos RAT
- Fake CAPTCHA lures promoting $TEMU airdrop scams that execute Python-based payloads
- Fake CleanMyMac websites distributing SHub Stealer and targeting wallets like Exodus, Atomic Wallet, Ledger Wallet, and Ledger Live
- CAPTCHA-based lures delivering CastleRAT via Deno runtime and Python loaders
Large-Scale WordPress ClickFix Campaign
In a recent report, Rapid7 revealed a widespread campaign that compromises WordPress websites to inject ClickFix implants disguised as Cloudflare verification prompts.
This campaign has remained active since December 2025 and has impacted over 250 websites across 12 countries, including Brazil, the U.S., the U.K., Germany, India, and Australia. Many affected sites include regional news outlets and local businesses.
Attackers ultimately deploy various stealer malware families, such as:
- StealC Stealer
- Vidar Stealer (variant)
- Impure Stealer (.NET)
- VodkaStealer (C++)
They then use the stolen data to enable financial theft or launch additional attacks.
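Both the KongTuke injections and the Rapid7-reported WordPress implants share one mechanical core: page content that writes a command to the clipboard and tells the visitor where to paste it. The Python below is an added example written for this article, not code from Rapid7, Trend Micro or any vendor; it is a heuristic scanner a site owner or analyst could run over fetched HTML to triage a suspected compromise. The sample page, its "Cloudflare verification" overlay and the copied command are all constructed, and the command is a harmless placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample: an ordinary page with an injected fake verification box
# and a clipboard-writing script. The copied command is a placeholder only.
SAMPLE_PAGE = """<html><head><title>Local News</title></head>
<body>
<div id="verify-box">
  <p>Verify you are human by completing the action below.</p>
  <p>Cloudflare - Performance &amp; security</p>
  <p>Press Win+R, then Ctrl+V and Enter to verify.</p>
</div>
<script>
  var c = "powershell -w hidden -c 'Write-Host CONSTRUCTED_SAMPLE'";
  document.getElementById('verify-box').onclick = function () {
    navigator.clipboard.writeText(c);
  };
</script>
</body></html>"""

# Each indicator is one observable building block of a ClickFix lure.
INDICATORS = {
    "clipboard_write": re.compile(
        r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]\s*\)", re.I),
    "fake_verification": re.compile(
        r"verify (you are|you're) human|cloudflare.{0,40}(verification|security)", re.I | re.S),
    "paste_instructions": re.compile(
        r"win\s*\+\s*r|ctrl\s*\+\s*v|open (the )?terminal|\bpaste\b", re.I),
    "shell_launcher": re.compile(
        r"powershell|mshta|cmd\.exe|curl\s+[^|]{0,200}\|\s*(ba|z)?sh\b|osascript", re.I),
    "base64_blob": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),
}

# Clipboard write and a launcher are the technique itself; lure text is weak alone.
WEIGHTS = {"clipboard_write": 3, "shell_launcher": 3, "paste_instructions": 2,
           "fake_verification": 1, "base64_blob": 1}


@dataclass
class ScanResult:
    hits: Dict[str, str] = field(default_factory=dict)  # indicator -> matched snippet
    score: int = 0
    verdict: str = "clean"


def scan_page(html: str) -> ScanResult:
    """Score a page for ClickFix-style implant characteristics."""
    result = ScanResult()
    for name, pattern in INDICATORS.items():
        m = pattern.search(html)
        if m:
            result.hits[name] = m.group(0)[:80]
    result.score = sum(WEIGHTS[n] for n in result.hits)
    if "clipboard_write" in result.hits and result.score >= 6:
        result.verdict = "likely_clickfix"
    elif result.score >= 3:
        result.verdict = "suspicious"
    return result


def extract_clipboard_payload(html: str) -> Optional[str]:
    """Best-effort recovery of what writeText() would copy, for analyst review.

    Handles a literal string argument or a simple variable assigned a literal.
    """
    m = re.search(r"writeText\(\s*(['\"])(.*?)\1\s*\)", html, re.S)
    if m:
        return m.group(2)
    m = re.search(r"writeText\(\s*([A-Za-z_$][\w$]*)\s*\)", html)
    if m:
        decl = re.search(r"(?:var|let|const)\s+" + re.escape(m.group(1))
                         + r"\s*=\s*(['\"])(.*?)\1", html, re.S)
        if decl:
            return decl.group(2)
    return None


if __name__ == "__main__":
    r = scan_page(SAMPLE_PAGE)
    print(r.verdict, r.score, sorted(r.hits))
    print("copied command:", extract_clipboard_payload(SAMPLE_PAGE))
```

Run it against the rendered HTML of each page on a site (not just the theme files, since injected code is often served from a plugin or database field); a "likely_clickfix" verdict is a reason to pull the page source and the extracted command for review, and the clipboard-write indicator alone on a legitimate "copy to clipboard" widget is expected noise.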
Mitigation and Security Recommendations
Although researchers have not identified the exact intrusion method, they suspect attackers exploit:
- Vulnerable WordPress plugins/themes
- Previously stolen admin credentials
- Exposed wp-admin interfaces
To reduce risk, administrators should:
- Keep systems up to date
- Use strong passwords
- Enable two-factor authentication (2FA)
- Monitor for suspicious admin accounts
“The best defense for individuals browsing the web is to stay cautious, maintain a zero-trust mindset, use reputable security software, and keep themselves up to date with the latest phishing and ClickFix tactics used by malicious actors,” Rapid7 said. “An important takeaway from this report should be that even trusted websites can be compromised and weaponized against unsuspecting visitors.”
Source: TheHackerNews