THREATNOIR
Subscribe
Back to Feed
MalwareApr 30, 2026

#ClickFix style campaign operated eight bulk registered 588gj*[.]shop lure domains impersonating...

ClickFix-style campaign uses 588 bulk-registered domains impersonating PureClaw AI software to deliver backdoors and

Read at source

Summary

A threat campaign leveraging the ClickFix attack pattern has registered approximately 588 malicious domains mimicking legitimate AI software 'PureClaw' to distribute multi-stage payloads. The injected malware includes backdoors, AI-gateway implants, and ransomware droppers delivered through rotating final-stage payloads. This represents a sophisticated supply-chain-adjacent attack targeting users seeking AI tools.

Indicators of Compromise

  • malware — PureClaw (spoofed)

Entities

ClickFix (campaign)AI software (technology)