Signal
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-03-06 06:44 UTCUpdated 2026-03-06 13:37 UTC
rss
windows_terminal_malwarebytes
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.3 top sources shown
Overview
A convincing fake version of the popular Mac utility CleanMyMac is tricking users into installing malware. The site instructs visitors to paste a command into Terminal.
Score total
1.17
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
All evidence
All evidence
Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal
The Register Security · go.theregister.com · 2026-03-06 13:37 UTC
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
Malwarebytes Threat Analysis · malwarebytes.com · 2026-03-06 08:44 UTC
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
thehackernews · thehackernews.com · 2026-03-06 06:44 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
- The Register Security (1)
- Malwarebytes Threat Analysis (1)
- thehackernews (1)
Top origin domains (this list)
- go.theregister.com (1)
- malwarebytes.com (1)
- thehackernews.com (1)