The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users and developers.
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
The Register on MSN

Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and ...
PCQuest

Copy-Paste This Command and You’re Hacked: New Windows Terminal Attack Spreads Lumma Stealer

Hackers are abusing Windows Terminal in a new ClickFix attack that installs Lumma Stealer and steals browser passwords while ...
The Hacker News

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.