Digital classroom tool iClicker was compromised between April 12 and April 16th by a ClickFix attack, which uses a fake CAPTCHA to trick victims into installing malware. As reported by BleepingComputer, this particular hack attempted to fool students and instructors into pressing “I’m not a robot” in order to verify themselves. However, instead of proving they were human, they actually copied a PowerShell script onto their Windows clipboard.
The convincing-looking CAPTCHA requests victims to open a Windows Run dialog (Win + R) and then use Ctrl + V to unknowingly paste the PowerShell script into it. The user then executes the malware by pressing Enter to “verify” themselves. The PowerShell script varied depending on the type of visitor, so it was difficult to determine what type of malware was installed, though ClickFix attacks often install infostealers.
How to stay safe from malware
According to the iClicker security bulletin, the company recommends that any faculty member or student who may have clicked on a false CAPTCHA during the April 12-16th time period, should run a full scan using the best antivirus security software to make sure their devices remain protected.
Users who accessed iClicker while the site was compromised and followed the fraudulent CAPTCHA instructions should also change their iClicker password, and especially if the command was executed, change all the other passwords stored on their computer to unique and strong ones. You can always use one of the best password managers to help with this.
It's worth keeping in mind that anyone who accessed iClicker using the mobile app or who did not encounter the fake CAPTCHA is not at risk. However, it's certainly still worth being aware of this scam and others like along with how to schedule scans with your antivirus software which should absolutely be kept up to date too.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
