IDP Signatures
80237 MALWARE.SMARTAPESG.CLICKFIX.ACTIVITY.A
Back to list| Signature Id | 80237 |
| Name | MALWARE.SMARTAPESG.CLICKFIX.ACTIVITY.A |
| Group | IPS MALWARE GENERAL |
| Issued | 2026-01-16 |
| Last Updated | 2026-01-16 |
| Description | SmartApeSG uses "ClickFix" social engineering, which tricks users into infecting themselves by pasting and running malicious PowerShell commands under the guise of "fixing" fake system errors. These attacks leverage compromised websites and fake CAPTCHA or Windows Update screens to hijack the user's clipboard and bypass traditional security filters. Once executed, the primary payload is typically the NetSupport RAT, which grants attackers persistent remote control, followed by secondary infections like StealC v2 for data and credential theft. |