[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqlZX0btYlG-0IhvZAeIp6HBK3HHaWzm6EV-KW0LH3mk":3},{"article":4,"iocs":46},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":30},"ca9c368e-922d-4cab-b14c-2c0e02118d67","Finger protocol LOLBin #ClickFix campaign that uses fake AI tools, background removers and Linked...","finger-protocol-lolbin-clickfix-campaign-that-uses-fake-ai-tools-background-remo-8333f0","Finger protocol LOLBin #ClickFix campaign that uses fake AI tools, background removers and LinkedIn lures and injects “finger &lt;username&gt; @ C2” with 12+ lure domains containing fake reCAPTCHA, 6 Finger usernames and 6 rotating C2 domains. Details at: https:\u002F\u002Ft.co\u002FGhinrrsDgK https:\u002F\u002Ft.co\u002Ff2WfGgex1l","The #ClickFix campaign leverages fake AI tools, background removers, and LinkedIn-themed lures to trick users into executing malicious commands via the Finger protocol, a living-off-the-land binary (LOLBin). The attack infrastructure includes 12+ lure domains with fake reCAPTCHA overlays, 6 Finger usernames, and 6 rotating C2 domains designed to evade detection and maintain command-and-control persistence.","ClickFix campaign abuses Finger protocol LOLBin via fake AI tools and LinkedIn lures to inject C2 commands.",null,"https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2051682397188435977","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHkKNlFXgAEph_J.png","2026-05-05T15:16:16+00:00","2026-05-05T16:00:09.00123+00:00",8,[18,21,24],{"name":19,"type":20},"ClickFix","campaign",{"name":22,"type":23},"Finger protocol","technology",{"name":25,"type":23},"reCAPTCHA (spoofed)","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":26,"icon":11,"name":28,"slug":29},"Malware","malware",[31,36,41],{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":42},{"id":43,"icon":11,"name":44,"slug":45},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[47],{"type":29,"value":19,"context":48},"Campaign abusing Finger protocol LOLBin for C2 injection via social engineering lures"]