ClickFix

ClickFix is a social engineering technique. It typically shows a popup over a webpage instructing the viewer to run a system command that will install malware.^[1]^[2]

The first ClickFix version was discovered in October 2023.^[3]

In March 2026, Apple added a mitigation to macOS to prevent ClickFix style attacks.^[4]^[5] In April, a modified variant using the applescript:// URI scheme to bypass the use of the Terminal application was found.^[6]

See also

Trojan horse (computing)

Further reading

"Think before you Click(Fix): Analyzing the ClickFix social engineering technique". Microsoft Security Blog.

References

^ Fadilpašić, Sead (2025-11-07). "Experts warn ClickFix malware attacks are back, and more dangerous than ever before - here's how to stay safe". TechRadar. Retrieved 2026-04-09.
^ Goodin, Dan (2025-11-11). "ClickFix may be the biggest security threat your family has never heard of". Ars Technica. Retrieved 2026-04-09.
^ Fermo, Vincent; Gsas '26 (2025-10-15). "ClickFix: How Hackers Use 'Verification' to Steal Your Information". Fordham University Information Security and Assurance. Retrieved 2026-04-10.{{cite web}}: CS1 maint: numeric names: authors list (link)
^ Toulas, Bill. "Apple adds macOS Terminal warning to block ClickFix attacks". BleepingComputer. Retrieved 2026-04-09.
^ "I put Apple's new macOS ClickFix warnings to the test and they actually worked — now I want them on Windows too". Tom's Guide. 2026-03-31. Retrieved 2026-04-09.
^ "New ClickFix variant bypasses Apple safeguards with one‑click script execution". CSO Online. Retrieved 2026-04-09.

External links

ClickFix Campaign Monitor v1.0

Hacking in the 2020s

← 2010s

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach Windows XP Service Pack 1 and Server 2003 RTM source code leaks
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack Iranian fuel cyberattack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak Optus data breach
2023	Munster Technological University ransomware attack Capita data breach Evide data breach MOVEit data breach Insomniac Games data breach Operation Triangulation cyberattack British Library cyberattack
2024	XZ Utils backdoor Kadokawa and Niconico Change Healthcare ransomware attack Ukrainian cyberattacks against Russia 2024 WazirX hack Trump campaign hack Fur Affinity domain hijacking IRLeaks attack on Iranian banks Internet Archive data breach i-Soon leak 2024 global telecommunications hack 2024 National Public Data breach
2025	Cyberattacks on Bank Sepah 2025 Paraguay ransomware attack 4chan hacking and data breach 2025 St. Paul cyberattack Jaguar Land Rover cyberattack Collins Aerospace cyberattack 2025 cyberattack on Polish power grid
2026	Aura (security) data breach ManageMyHealth data breach Neighbourly data breach Cyberwarfare during the 2026 Iran war 2026 Canvas data breach

Groups

Major vulnerabilities
publicly disclosed

SMBGhost (2020)
Thunderspy (2020)
PrintNightmare (2021)
FORCEDENTRY (2021)
Log4Shell (2021)
Account pre-hijacking (2022)
Retbleed (2022)
Downfall (2023)
LogoFAIL (2023)
Reptar (2023)
Terrapin (2023)
GoFetch (2024)
Sinkclose (2024)
Copy Fail (2026)

Malware

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.