IUAM ClickFix Generator
IUAM ClickFix Generator is a web-based phishing kit used to operationalize the ClickFix social-engineering technique and enable lower-skill threat actors to deliver malware. Palo Alto Networks Unit 42 reported that it generates customizable phishing pages that mimic browser verification or challenge-response screens used by CDNs and cloud security providers, including Cloudflare-themed lures. The kit allows operators to customize page titles, domains, content, and prompts, and can automatically inject JavaScript to copy a malicious command to the victim’s clipboard. It detects whether the visitor is on mobile, Windows, or macOS, can instruct mobile users to switch to desktop, and can tailor the copied command to the victim operating system. Reported capabilities also include obfuscation options.
Observed campaigns used pages created by IUAM ClickFix Generator, or a variant, to target Windows and macOS users and deliver infostealer malware. Specifically, reporting states it has been used to deploy DeerStealer and Odyssey Stealer, with one campaign tied to the Odyssey malware-as-a-service ecosystem. The reporting indicates the kit reduces the effort required to run convincing ClickFix campaigns and reflects a broader commoditization trend similar to phishing-as-a-service. High-confidence behavior described in the reporting centers on fake verification lures, clipboard manipulation, OS-aware payload delivery, and use in phishing-driven malware distribution.
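The behaviors described above (verification-themed wording, a scripted clipboard write, OS detection, and instructions to paste and run) can be combined into a static triage heuristic for captured page source. This is an added example, not code from the Unit 42 reporting or from the kit; the signal names, regular expressions, threshold, and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristic for ClickFix-style lure pages.
// Signal names, regexes and the threshold are illustrative assumptions,
// not indicators published for IUAM ClickFix Generator.
const SIGNALS = {
  // Fake verification / challenge wording shown to the visitor.
  verificationLure: /verify (that )?you are (a )?human|checking your browser|just a moment/i,
  // Script writes to the clipboard on the visitor's behalf.
  clipboardWrite: /navigator\.clipboard\.writeText\s*\(|execCommand\s*\(\s*['"]copy['"]/i,
  // Script branches on the visitor's operating system or device class.
  osDetection: /navigator\.(userAgent|platform|userAgentData)[\s\S]{0,200}?(Win|Mac|Android|iPhone|Mobi)/i,
  // Visible instructions to paste into a run dialog or terminal.
  pasteInstruction: /Win(dows)?\s*(key\s*)?\+\s*R|open (the )?Terminal|Ctrl\s*\+\s*V|Cmd\s*\+\s*V/i,
};

function scoreClickFixPage(html) {
  const hits = Object.entries(SIGNALS)
    .filter(([, re]) => re.test(html))
    .map(([name]) => name);
  // A clipboard write alone is common on benign sites (copy buttons),
  // so require it together with at least two of the other behaviors.
  const suspicious = hits.includes("clipboardWrite") && hits.length >= 3;
  return { hits, suspicious };
}

// Constructed sample inputs; the copied strings are inert placeholders.
const SAMPLE_LURE = `
<title>Just a moment...</title>
<p>Verify you are human: press Windows + R, then Ctrl + V and Enter.</p>
<script>
  const isMac = navigator.userAgent.includes("Mac");
  const cmd = isMac ? "PLACEHOLDER_MACOS" : "PLACEHOLDER_WINDOWS";
  document.getElementById("chk").onclick = () => navigator.clipboard.writeText(cmd);
</script>`;

const SAMPLE_BENIGN = `
<title>API docs</title>
<button onclick="navigator.clipboard.writeText(this.dataset.snippet)">Copy</button>`;

console.log(scoreClickFixPage(SAMPLE_LURE));
console.log(scoreClickFixPage(SAMPLE_BENIGN));
```

The heuristic is meant for ranking captured pages for analyst review; obfuscated kit output would need to be deobfuscated or rendered before these patterns can match.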
Recent activity
3 sources tracked across advisories, community write-ups, and news.
IUAM ClickFix Generator is a phishing kit that creates phishing pages with a built-in ClickFix challenge to bypass security measures.
IUAM ClickFix Generator is a web-based phishing kit that enables attackers to create customizable phishing pages mimicking browser verification challenges. It facilitates the delivery of malware, particularly infostealers, by tricking users into copying and executing malicious commands tailored to their operating system.
A phishing/landing-page kit that generates ClickFix-style fake browser/CDN verification challenges, supports clipboard manipulation and OS detection, and is used to deliver compatible malware payloads.