ET MALWARE Observed MacOS ClickFix Landing Page

SID: 2067816Rev: 10 views
Sourceet/open
CreatedFebruary 18, 2026
UpdatedFebruary 18, 2026
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Observed MacOS ClickFix Landing Page"; flow:established,to_client; http.response_body; content:"|3c|title|3e|how|20|to|20|show|20|hidden|20|files|20|on|20|macos|3c 2f|title|3e|"; nocase; fast_pattern; reference:url,x.com/fabo97662188/status/2023820722674757888; classtype:trojan-activity; sid:2067816; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_02_18, deployment Perimeter, deployment SSLDecrypt, malware_family ClickFix, confidence High, signature_severity Critical, updated_at 2026_02_18, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)

References

urlx.com/fabo97662188/status/2023820722674757888

Metadata

affected productMac_OSX
attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_02_18
deploymentSSLDecrypt
malware familyClickFix
confidenceHigh
signature severityCritical
updated at2026_02_18
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1189
mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!