ET MALWARE Observed MacOS ClickFix Landing Page

SID: 2067818Rev: 10 views
Sourceet/open
CreatedFebruary 18, 2026
UpdatedFebruary 18, 2026
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Observed MacOS ClickFix Landing Page"; flow:established,to_client; http.response_body; content:"data|2d|title|3d 22|usb|20|drive|20|not|20|showing|20|up|20|on|20|macos|22|"; nocase; fast_pattern; reference:url,x.com/fabo97662188/status/2023820722674757888; classtype:trojan-activity; sid:2067818; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_02_18, deployment Perimeter, deployment SSLDecrypt, malware_family ClickFix, confidence High, signature_severity Critical, updated_at 2026_02_18, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)

References

urlx.com/fabo97662188/status/2023820722674757888

Metadata

affected productMac_OSX
attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_02_18
deploymentSSLDecrypt
malware familyClickFix
confidenceHigh
signature severityCritical
updated at2026_02_18
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1189
mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!