MalwareMay 5, 2026

Finger protocol LOLBin #ClickFix campaign that uses fake AI tools, background removers and Linked...

ClickFix campaign abuses Finger protocol LOLBin via fake AI tools and LinkedIn lures to inject C2 commands.

Summary

The #ClickFix campaign leverages fake AI tools, background removers, and LinkedIn-themed lures to trick users into executing malicious commands via the Finger protocol, a living-off-the-land binary (LOLBin). The attack infrastructure includes 12+ lure domains with fake reCAPTCHA overlays, 6 Finger usernames, and 6 rotating C2 domains designed to evade detection and maintain command-and-control persistence.

Indicators of Compromise

malware — ClickFix

Entities

ClickFix (campaign)Finger protocol (technology)reCAPTCHA (spoofed) (technology)