Financial Spear Phishing Digest

ClickFix/SmartApeSG evolving: fake AI installers deliver MacSync + AI evasion TTPs


Key Questions

What is ClickFix and how is it evolving?

ClickFix is actively using fake AI installers to deliver Remcos and MacSync malware, targeting credentials, Keychain, and crypto via AI lures. It is evolving alongside threats like SADOS hyper-personalized BEC campaigns.

What are the latest statistics on AI-crafted phishing campaigns?

80% of campaigns are AI-crafted, with quishing increasing by 400% and vishing by 440%. Darktrace reports a 32-38% rise in such threats.

What warnings has Wells Fargo issued about generative AI scams?

Wells Fargo warns of genAI emails and invoices that receive 4x more clicks, along with 3-second voice clones used in scams. Their fraud team highlights how AI elevates online scams to fool even experienced professionals.

How are agentic AI bots used in modern phishing?

At RSAC, Phishing 3.0/4.0 involves multi-channel agentic AI bots that evade fingerprints for payment fraud. These bots enable scalable, sophisticated attacks like those discussed at ITEXPO.

What defenses are recommended against AI-driven threats like LLM jailbreaks?

Paladin offers LLM defenses, while broader measures address social AI scams on accounting firms and custom fonts bypassing AI defenses, as noted in CyberheistNews.

Summary: ClickFix is active with Remcos/MacSync delivered via AI lures, targeting credentials, Keychain, and crypto. A new custom fonts/CSS evasion technique fools AI detectors (LayerX PoC). SADOS reports hyper-personalized BEC. RSAC Phishing 3.0/4.0 is multi-channel, with agentic AI bots evading fingerprints for payment fraud. 80% of campaigns are AI-crafted, with quishing up 400% and vishing up 440%. Wells Fargo warns of genAI emails/invoices (4x clicks) and 3-second voice clones. Darktrace reports a 32-38% rise.

Updated Apr 8, 2026