New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms.

The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver devastating payloads that compromise user credentials and sensitive data.paste.txt​

The infection chain begins when users search for cracked or pirated software online, a well-established lure for cybercriminals.

Instead of receiving legitimate results, victims encounter malicious landing pages hosted on Google-hosted services, including Colab, Drive, Looker Studio, Sites, and Groups.

This multi-hop infrastructure is deliberately designed to evade traditional security measures, as administrators are less likely to block Google services outright.paste.txt​

Once users click through these landing pages, they’re presented with fake security warnings that mimic legitimate Cloudflare verification pages.

The deceptive interface instructs users to copy and paste what appears to be ...