
ClickFix attacks just got a major upgrade to trick you into infecting your computer with malware — don't fall for this


ClickFix-style attacks, already an increasingly popular social engineering tool for spreading malware, have evolved to include new steps that trick users into infecting their own computers. As reported by BleepingComputer, the attack pages now feature video instructions that guide victims through the download process so that they unknowingly infect their own machines with malware.

In previous ClickFix attacks, targets have been fooled by social engineering tricks – sometimes a false identity verification request or a software problem that requires a “fix” – that lead them to a malicious webpage instructing them to copy, paste and execute code or commands. Doing so launches a payload, typically an infostealer that harvests personal or sensitive data from the victim's computer and sends it back to the attackers.

Sometimes there may also be a counter which reads “users verified in the last hour” to add a feeling of legitimacy while making the window appear as if it's a Cloudflare bot check tool.

In a blog post, Push Security reveals that these advanced attack pages are being promoted through malvertising (malicious advertising) on Google Search. Visitors are also led to them through legitimate websites that have been compromised by exploiting known flaws in outdated WordPress plugins and now have malicious JavaScript injected into their pages, or through “vibe coded” sites that use SEO poisoning tactics to rank higher in results.

How to stay safe from ClickFix attacks


The hackers behind ClickFix campaigns use your preexisting knowledge and online habits to get you to do something you otherwise normally wouldn't. They might also use a sense of urgency to get you to visit one of the malicious sites used in this campaign.

If you do see a verification pop-up with instructions, close the website immediately and, whatever you do, don’t interact with it or follow its instructions.

Being asked to open a Terminal or Command Prompt window on your computer is a major red flag. Researchers recommend that users remember that executing code in the terminal should never be part of any online verification process, and that no copied commands should ever be executed unless the user fully understands what they will do.
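
The red flag described above can be turned into a simple check on a page's visible text. This is an added example, not code from Push Security or BleepingComputer; the function name and the phrase lists are assumptions built from the traits this article describes, and the sample texts are constructed.

```javascript
// Added example: heuristic check for ClickFix-style lure text.
// The phrase lists are assumptions for illustration, not a complete signature set.
const SIGNALS = {
  // Page presents itself as a verification step or bot check.
  verification: /\b(verify (that )?you are human|identity verification|verification|bot check|cloudflare)\b/i,
  // Page tells the visitor to open a command interpreter.
  shell: /\b(terminal|command prompt|powershell)\b/i,
  // Page tells the visitor to paste something and then run it.
  pasteAndRun: /\b(copy|paste)\b[\s\S]{0,200}\b(press enter|hit enter|run|execute)\b/i,
  // Fake social-proof counter mentioned in the article.
  counter: /\busers verified in the last hour\b/i,
};

function assessPageText(text) {
  const hits = Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(text));
  const has = (name) => hits.includes(name);
  let verdict = "ok";
  if (has("shell") && has("pasteAndRun")) {
    // A verification flow never needs a terminal: block when both appear.
    // Without the verification framing it may be ordinary documentation: warn.
    verdict = has("verification") || has("counter") ? "block" : "warn";
  }
  return { verdict, hits };
}

// Constructed sample inputs (not captured from a real campaign).
const samples = {
  lure: "Verify you are human. 4,213 users verified in the last hour. " +
        "Open Terminal, paste the copied text and press Enter to continue.",
  docs: "To install the tool, open a terminal, copy the command below and run it.",
  captcha: "Verification required: select all images containing traffic lights.",
};

for (const [name, text] of Object.entries(samples)) {
  const { verdict, hits } = assessPageText(text);
  console.log(`${name}: ${verdict} [${hits.join(", ")}]`);
}
```

The "warn" verdict covers the second half of the researchers' advice: even outside a verification prompt, a copied command should be understood before it is run.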

It also never hurts to have strong protections when online – one of the best antivirus software solutions can keep your Windows PCs protected while the best Mac antivirus software is specifically designed for your Apple computer. These paid solutions also provide you with plenty of useful extra features like secure browsers that warn you about suspicious websites and downloads, ransomware rollback, a VPN, and more.

Given that ClickFix attacks have been quite successful so far since it's the victims and not the hackers doing most of the work, I seriously doubt cybercriminals are going to stop using these tactics anytime soon. That's why it's up to you to be extremely careful online and practice good cyber hygiene at all times.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
