On February 2026, Anvilogic confirmed active exploitation of a ClickFix campaign delivering the MacSync infostealer to macOS users. The operation combined compromised Google Ads accounts, publicly shareable AI-generated content, and native macOS utilities to socially engineer users into executing obfuscated shell commands.