{"id":282,"date":"2026-03-16T13:43:43","date_gmt":"2026-03-16T13:43:43","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=282"},"modified":"2026-03-16T13:43:43","modified_gmt":"2026-03-16T13:43:43","slug":"clickfix-campaigns-spread-macsync-macos-infostealer-via-fake-ai-tool-installers","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=282","title":{"rendered":"ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers"},"content":{"rendered":"<div id=\"articlebody\">\n<p>Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.<\/p>\n<p>\u00abUnlike traditional exploit-based attacks, this method relies entirely on user interaction \u2013 usually in the form of copying and executing commands \u2013 making it particularly effective against users who may not appreciate the implications of running unknown and obfuscated terminal commands,\u00bb Sophos researchers Jagadeesh Chandraiah, Tonmoy Jitu, Dmitry Samosseiko, and Matt Wixey <a href=\"https:\/\/www.sophos.com\/en-us\/blog\/evil-evolution-clickfix-and-macos-infostealers\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n<p>It&#8217;s currently not known if the campaigns are the work of the same threat actor. The use of ClickFix lures to distribute the malware was also flagged by Jamf Threat Labs in December 2025. 
The details of the three campaigns are as follows &#8211;<\/p>\n<ul>\n<li>November 2025: A campaign that used the OpenAI Atlas browser as bait, delivered via sponsored search results on Google, to direct users to a fake Google Sites URL with a download button that, when clicked, displayed instructions to open the Terminal app and paste a command to it. This action downloaded a shell script, which prompts the user to enter the system password and runs MacSync with user-level permissions.<\/li>\n<li>December 2025: A <a href=\"https:\/\/guard.io\/blog\/mac-storage-fix-google-ads-scam\" rel=\"noopener\" target=\"_blank\">malvertising campaign<\/a> that leveraged sponsored links tied to searches for queries like \u00abhow to clean up your Mac\u00bb on Google to lead users to shared conversations on the legitimate OpenAI ChatGPT site to give the impression that the links were safe. The ChatGPT conversations redirected victims to malicious GitHub-themed landing pages that tricked users into running malicious commands on the Terminal app.<\/li>\n<li>February 2026: A campaign targeting Belgium, India, and parts of North and South America that distributed a new variant of MacSync delivered through ClickFix lures. The latest iteration supports dynamic AppleScript payloads and in-memory execution to evade static analysis, bypass behavioral detections, and complicate incident response.<\/li>\n<\/ul>\n<p>The shell script launched after running the Terminal command is designed to contact a hard-coded server and retrieve the AppleScript infostealer payload, while simultaneously taking steps to remove evidence of data theft. 
The stealer is equipped to harvest a wide range of data from compromised hosts, including exfiltrating credentials, files, keychain databases, and seed phrases from cryptocurrency wallets.<\/p>\n<p>The latest findings suggest the threat actors are adapting the formula to stay one step ahead of security tools, while weaponizing the trust associated with ChatGPT conversations to convince users to run malicious commands.<\/p>\n<p>The new variant observed in the most recent campaign \u00ablikely represents the malware developer adjusting to OS and software security measures to maintain effectiveness,\u00bb Sophos said. \u00abRefinements to the typical ClickFix social engineering tactics are therefore one way in which such campaigns may continue to evolve in the future.\u00bb<\/p>\n<p>In recent months, ClickFix campaigns have used legitimate platforms like Cloudflare Pages (pages.dev), Squarespace, and Tencent EdgeOne to host bogus instructions for installing developer tools like Anthropic&#8217;s Claude Code. 
The URLs are distributed via malicious search engine ads.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiCW2Ib1JQNnsbeAVawmEAeLAKKB3LoNCdF4q89rGf8oL-zO96Roy0cDHAUxPLrG9-_QMcT9o9_TGo0dYuTbOwh2yjp8E7vJv1B1pryro0oMHU346xnMbsBVz6dq9hdnji5USwHbFKsKQfvmvdN7bUUESXquL7FC-ZAK6zo-_maf_DDc77WPw-8MPW-fcqr\/s1700-e365\/macos-clickfix.png\" style=\"display: block;  text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiCW2Ib1JQNnsbeAVawmEAeLAKKB3LoNCdF4q89rGf8oL-zO96Roy0cDHAUxPLrG9-_QMcT9o9_TGo0dYuTbOwh2yjp8E7vJv1B1pryro0oMHU346xnMbsBVz6dq9hdnji5USwHbFKsKQfvmvdN7bUUESXquL7FC-ZAK6zo-_maf_DDc77WPw-8MPW-fcqr\/s1700-e365\/macos-clickfix.png\" alt=\"\" border=\"0\" data-original-height=\"1201\" data-original-width=\"1118\"\/><\/a><\/div>\n<p>The instructions, as before, deceive victims into <a href=\"https:\/\/www.pillar.security\/resources\/installfix-fake-claude-code-amatera-stealer\" rel=\"noopener\" target=\"_blank\">installing infostealer malware<\/a> like Amatera Stealer instead. The social engineering attack has been codenamed <a href=\"https:\/\/pushsecurity.com\/blog\/installfix\/\" rel=\"noopener\" target=\"_blank\">InstallFix<\/a> or <a href=\"https:\/\/x.com\/bananahacks\/status\/2030618128787390600\" rel=\"noopener\" target=\"_blank\">GoogleFix<\/a>. 
According to Nati Tal, head of Guardio Labs, similar infection chains lead to the deployment of Alien infostealer on Windows and Atomic Stealer on macOS.<\/p>\n<p>The PowerShell command executed after pasting and running the supposed installation command for Claude Code fetches a legitimate Chrome extension package within a malicious HTML Application (HTA) file, which then launches an obfuscated .NET loader for Alien in memory, per Tal.<\/p>\n<p>\u00abWhile traditional ClickFix attacks need to manufacture a reason for the user to run a command: a fake CAPTCHA, a fabricated error message, a bogus system prompt \u2014 InstallFix doesn&#8217;t need any of that,\u00bb Push Security said. \u00abThe pretext is simply the user wanting to install legit software.\u00bb<\/p>\n<p>According to Pillar Security, there have been at least 20 distinct malware campaigns that have targeted artificial intelligence (AI) and vibe coding tools between February and March 2026. These include code editors, AI agents, large language models (LLM) platforms, AI-powered browser extensions, AI video generators, and AI business tools. Of these, nine have been found to target both Windows and macOS, with another seven exclusively affecting macOS users.<\/p>\n<p>\u00abThe reason is clear: AI\/vibe coding tool users skew heavily toward macOS, and macOS users tend to have higher-value credentials (SSH keys, cloud tokens, cryptocurrency wallets),\u00bb Pillar Security researcher Eilon Cohen <a href=\"https:\/\/www.pillar.security\/blog\/ai-coding-tools-under-fire-mapping-the-malvertising-campaigns-targeting-the-vibe-coding-ecosystem\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n<p>\u00abThe ClickFix\/InstallFix technique (tricking users into pasting commands into Terminal) is uniquely effective against developers because curl | sh is a legitimate installation pattern. Homebrew, Rust, nvm, and many other developer tools use this exact pattern. 
The malicious commands hide in plain sight.\u00bb<\/p>\n<p>Needless to say, the advantage posed by ClickFix (and its variants) has led to the tactic being adopted by multiple threat actors and groups. This includes a malicious traffic distribution system (TDS) named <a href=\"https:\/\/alertoverload.com\/posts\/2026\/01\/kongtuke---clickfix-on-steroids\/\" rel=\"noopener\" target=\"_blank\">KongTuke<\/a> (aka 404 TDS, Chaya_002, LandUpdate808, and TAG-124), which uses compromised WordPress websites and fake CAPTCHA lures to deliver a Python-based trojan called ModeloRAT.\u00a0<\/p>\n<p>The attackers inject malicious JavaScript into legitimate WordPress websites that prompt users to run a PowerShell command responsible for initiating a multi-stage infection process to deploy the trojan.<\/p>\n<p>\u00abThe group continues to use this method alongside the newer CrashFix technique, which tricks users into installing a malicious browser extension to initiate infection,\u00bb Trend Micro said. \u00abThe malware specifically checks whether a system is part of a corporate domain and identifies installed security tools before continuing, suggesting a focus on enterprise environments rather than opportunistic infections.\u00bb<\/p>\n<p>That&#8217;s not all. KongTuke campaigns have also been <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2026-02-03-IOCs-from-KongTuke-ClickFix-activity.txt\" rel=\"noopener\" target=\"_blank\">spotted<\/a> using DNS TXT records in their ClickFix script. 
These DNS TXT records stage a command to retrieve and run a PowerShell script.<\/p>\n<p>Other ClickFix-style pastejacking attacks that have been detected in the wild are listed below &#8211;<\/p>\n<ul>\n<li>Using <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2025-12-03-recent-surge-in-ClickFix-activity.txt\" rel=\"noopener\" target=\"_blank\">compromised websites<\/a> to display lures for ClickFix pages that mimic Google&#8217;s \u00abAw Snap!\u00bb error or browser updates to distribute droppers, downloaders, and malicious browser extensions.<\/li>\n<li>Using <a href=\"https:\/\/www.levelblue.com\/blogs\/spiderlabs-blog\/beware-the-clickfix-trap-remcos-rat-hiding-in-helpful-puas\" rel=\"noopener\" target=\"_blank\">ClickFix decoys<\/a> served via malvertising\/phishing links to direct users to malicious pages that lead to the deployment of Remcos RAT.<\/li>\n<li>Using a <a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/03\/fake-temu-coin-airdrop-uses-clickfix-trick-to-install-stealthy-malware\" rel=\"noopener\" target=\"_blank\">fake CAPTCHA verification lure<\/a> on a phony website promoting a $TEMU airdrop scam to trigger the execution of a PowerShell command that runs arbitrary Python code retrieved from a server.<\/li>\n<li>Using a <a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/03\/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets\" rel=\"noopener\" target=\"_blank\">bogus website advertising CleanMyMac<\/a> to trick users into running a malicious Terminal command to deploy a macOS stealer named SHub Stealer and backdoor cryptocurrency wallets such as Exodus, Atomic Wallet, Ledger Wallet, and Ledger Live to steal the seed phrases.<\/li>\n<li>Using a <a href=\"https:\/\/www.threatdown.com\/blog\/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security\/\" rel=\"noopener\" target=\"_blank\">fake CAPTCHA verification 
lure<\/a> on compromised websites to run a PowerShell script that delivers an MSI dropper, which then installs the Deno JavaScript runtime to execute obfuscated code that ultimately installs CastleRAT in memory by means of a Python loader named CastleLoader.<\/li>\n<\/ul>\n<p>In a report published last week, Rapid7 <a href=\"https:\/\/www.rapid7.com\/blog\/post\/tr-malicious-websites-wordpress-compromise-advances-global-stealer-operation\/\" rel=\"noopener\" target=\"_blank\">revealed<\/a> that highly trusted WordPress websites are being compromised as part of an ongoing, widespread campaign designed to inject a ClickFix implant impersonating a Cloudflare human verification challenge. The campaign has been active since December 2025.<\/p>\n<p>More than 250 infected websites have been identified in at least 12 countries, including Australia, Brazil, Canada, Czechia, Germany, India, Israel, Singapore, Slovakia, Switzerland, the U.K., and the U.S. 
The websites have been identified as regional news outlets and local businesses.<\/p>\n<p>The end goal of these lures is to compromise the Windows systems with different stealer malware families: <a href=\"https:\/\/www.levelblue.com\/blogs\/spiderlabs-blog\/how-clickfix-opens-the-door-to-stealthy-stealc-information-stealer\" rel=\"noopener\" target=\"_blank\">StealC Stealer<\/a>, an improved version of Vidar Stealer, a .NET stealer dubbed Impure Stealer, and a C++ stealer referred to as VodkaStealer. The stolen data can then act as a launchpad for financial theft or follow-on attacks.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEidIWViMepVNDSqtHjDrNE0qo8YKfPYqzNu1qW9UMDUUJ0DXP7KZb5eCOI53nhytVLClFpHMkfVGvzk6dz6heFNllnGxqStJNDqiWUsxNbUth5ctXBfkB8TKRegFavZggkXJB22tJQex6-u1S-oifBt49C96cIF3GHTUC504QHEoTZ22CCe1zHvREAq0VCd\/s1700-e365\/attack-chain.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEidIWViMepVNDSqtHjDrNE0qo8YKfPYqzNu1qW9UMDUUJ0DXP7KZb5eCOI53nhytVLClFpHMkfVGvzk6dz6heFNllnGxqStJNDqiWUsxNbUth5ctXBfkB8TKRegFavZggkXJB22tJQex6-u1S-oifBt49C96cIF3GHTUC504QHEoTZ22CCe1zHvREAq0VCd\/s1700-e365\/attack-chain.jpg\" alt=\"\" border=\"0\" data-original-height=\"5036\" data-original-width=\"9729\"\/><\/a><\/div>\n<p>The exact method by which the WordPress sites are hacked is presently not known. 
However, it&#8217;s suspected to involve the exploitation of recently disclosed security flaws in WordPress plugins and themes, previously stolen admin credentials, or publicly accessible wp-admin interfaces.<\/p>\n<p>To counter the threat, site administrators are advised to keep their sites up-to-date, use strong passwords for administrative access, set up two-factor authentication (2FA), and scan for suspicious administrator accounts.<\/p>\n<p>\u00abThe best defense for individuals browsing the web is to stay cautious, maintain a zero-trust mindset, use reputable security software, and keep themselves up to date with the latest phishing and ClickFix tactics used by malicious actors,\u00bb Rapid7 said. \u00abAn important takeaway from this report should be that even trusted websites can be compromised and weaponized against unsuspecting visitors.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. 
\u00abUnlike traditional exploit-based attacks, this method relies&hellip;<\/p>\n","protected":false},"author":1,"featured_media":283,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[693,225,150,695,696,421,694,262,551],"class_list":["post-282","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-campaigns","tag-clickfix","tag-fake","tag-infostealer","tag-installers","tag-macos","tag-macsync","tag-spread","tag-tool"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=282"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/282\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/283"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}