clickfix

Apple Patched the Door. Attackers Used the Window.

John Z Black Apr 10, 2026

Threat Intelligence #atomic-stealer #amos #macos #clickfix #script-editor #malware #pypi #litellm #supply-chain

macOS 26.4 added Terminal security scanning to block ClickFix attacks. Within 48 hours, Atomic Stealer was back, running through Script Editor instead. One click. No warning.

ClickFix Went Cross-Platform This Week. Mac Users, You're Not Safe.

John Z Black Mar 17, 2026

Malware & Threats #clickfix #macsync #remcos #social-engineering #macos #vpn #malware #storm-2561

Three separate campaigns are using ClickFix to trick people into installing malware themselves. macOS, Windows, enterprise VPN users. No exploit needed. Just copy, paste, execute.

ClickFix Is the Social Engineering Trick That Took Over 2026

John Z Black Mar 10, 2026

Threat Intelligence #clickfix #social-engineering #ransomware #teams #phishing #a0backdoor #castlerat #chrome-extensions

A dead-simple social engineering trick is showing up everywhere in 2026. Users paste a command into PowerShell or a Run dialog and boom, malware runs. Three separate campaigns hit this week alone.