IDP Signatures

80237 MALWARE.SMARTAPESG.CLICKFIX.ACTIVITY.A

Back to list
Signature Id 80237
Name MALWARE.SMARTAPESG.CLICKFIX.ACTIVITY.A
Group IPS MALWARE GENERAL
Issued 2026-01-16
Last Updated 2026-01-16
Description SmartApeSG uses "ClickFix" social engineering, which tricks users into infecting themselves by pasting and running malicious PowerShell commands under the guise of "fixing" fake system errors. These attacks leverage compromised websites and fake CAPTCHA or Windows Update screens to hijack the user's clipboard and bypass traditional security filters. Once executed, the primary payload is typically the NetSupport RAT, which grants attackers persistent remote control, followed by secondary infections like StealC v2 for data and credential theft.