Threat Intelligence Report

Tech impersonators: ClickFix and MacOS infostealers | Datadog Security Labs

📅 February 10, 2026 📰 securitylabs.datadoghq.com 🔍 0 CVE(s) referenced

A sophisticated, ongoing campaign is using fake GitHub repositories and the ClickFix social engineering technique to trick users into installing advanced macOS and Windows infostealers—most notably the persistent SHub Stealer v2.0—which steal credentials, sensitive files, and maintain remote access while actively evading detection.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle