ClickFix Campaigns Targeting Windows and macOS
Summary
Insikt Group has identified five distinct ClickFix social engineering campaigns targeting both Windows and macOS users. These campaigns leverage legitimate system tools with obfuscated commands to achieve initial access on compromised systems, with notable clusters focusing on QuickBooks, Booking.com, and Birdeye.
IFF Assessment
FOE
These campaigns represent a new technique for threat actors to gain initial access, one that is harder for traditional security measures to detect.
Defender Context
Defenders should be aware of these social engineering tactics, which exploit trusted system functionality. Training users to recognize suspicious prompts and closely scrutinizing commands executed on endpoints are crucial mitigation strategies.