ClickFix tactic: Revenge of detection
ID: 97d5daed-d055-5729-b152-e72b1fa0b1b6
STIX ID: report--97d5daed-d055-5729-b152-e72b1fa0b1b6
Feed Name: Sekoia.io Blog
ClickFix is an emerging social-engineering tactic that coerces victims via fake Google Meet or reCAPTCHA pages to open the Run dialog and paste/execute malicious mshta or PowerShell commands, enabling download and execution of payloads (including infostealers such as Amos Stealer). The report documents Windows and macOS infection chains, abuse of legitimate tools (mshta, bitsadmin, PowerShell), provides endpoint and network detection rules and correlation recipes, and notes usage by multiple intrusion sets including TA571 and reported attribution to APT28.
