ClickFix is a social engineering technique. It typically shows a popup over a webpage instructing the viewer to run a system command that will install malware.[1][2]
The first ClickFix version was discovered in October 2023.[3]
In March 2026, Apple added a mitigation to macOS to prevent ClickFix-style attacks.[4][5] In April, a modified variant was found that uses the applescript:// URI scheme to bypass the use of the Terminal application.[6]
References
- Fadilpašić, Sead (2025-11-07). “Experts warn ClickFix malware attacks are back, and more dangerous than ever before – here’s how to stay safe”. TechRadar. Retrieved 2026-04-09.
- Goodin, Dan (2025-11-11). “ClickFix may be the biggest security threat your family has never heard of”. Ars Technica. Retrieved 2026-04-09.
- Fermo, Vincent; Gsas ’26 (2025-10-15). “ClickFix: How Hackers Use ‘Verification’ to Steal Your Information”. Fordham University Information Security and Assurance. Retrieved 2026-04-10.
- Toulas, Bill. “Apple adds macOS Terminal warning to block ClickFix attacks”. BleepingComputer. Retrieved 2026-04-09.
- “I put Apple’s new macOS ClickFix warnings to the test and they actually worked — now I want them on Windows too”. Tom’s Guide. 2026-03-31. Retrieved 2026-04-09.
- “New ClickFix variant bypasses Apple safeguards with one‑click script execution”. CSO Online. Retrieved 2026-04-09.