This sneaky malware variant has been caught using fake Windows Update screens to trick users into installing info-stealing software themselves

If you’re anything like me, you keep a sharp eye on your Windows Defender updates to make sure your PC is protected against the latest threats. However, while Defender is remarkably good at catching dodgy files these days, it can’t do a whole lot about users bypassing its security methods themselves, if convinced to do so.

Which is precisely what a new variant of known malware ClickFix has been caught doing: Tricking users into thinking that an innocent Windows Update requires them to paste a malicious command into the Run window (via Bleeping Computer). Researchers at security services provider Huntress have detailed the novel new method in a blog post, and it’s quite the feat of social engineering.

Essentially, a browser window containing a full-screen version of what looks to be a Windows Update screen launches, with the familiar blue background (although with a suspicious-looking font). After the update is “complete”, the last step prompts the user to hold the Windows key and R, opening a Run instance.

Unfortunate victims are then told to press Ctrl+V, which pastes a malicious code into the Run prompt automatically copied to the machine’s clipboard. Pressing Enter activates a PowerShell command, which in turn decrypts and loads a sequence of reflective .NET assemblies used for process injection.

After a convoluted sequence of evasion tactics, a .png file containing shellcode is reconstructed, eventually installing an infostealer variant. It’s a remarkably involved process, all begun by the user kicking off the main sequence of events themselves.

Huntress goes into more detail as to exactly how a dodgy .png file can be used to inject malware into your system, but if I were to explain it all here, I’d need eight more paragraphs and quite possibly a short nap. It’s a very novel approach, put it that way, but it’s the social engineering aspect of this particular “lure” that has me intrigued.

After all, I’m forever telling my friends and relatives to keep Windows updated as a best security practice, but I can’t do a whole lot to protect the less vigilant of them from falling for a relatively convincing fake.

As a final PSA, though, I’d say that Windows Update should never ask you to interact with any system processes yourself, and you also shouldn’t accept free candy from strangers. That oughta do it, don’t you think?

1. Best gaming chair: Secretlab Titan Evo

2. Best gaming desk: Secretlab Magnus Pro XL

3. Best gaming headset: Razer BlackShark V3

4. Best gaming keyboard: Asus ROG Strix Scope II 96 Wireless

5. Best gaming mouse: Razer DeathAdder V4 Pro

6. Best PC controller: GameSir G7 Pro

7. Best steering wheel: Logitech G Pro Racing Wheel

8. Best microphone: Shure MV6 USB Gaming Microphone

9. Best webcam: Elgato Facecam MK.2

👉Check out our list of guides👈