- ClickFix now uses OS detection, timers, and video guides to boost malware delivery success
- Attackers host popups on compromised sites and promote them via Google malvertising
- Victims are tricked into running malware via fake problem/solution instructions in system dialogs
The dreaded malware deployment technique known as ClickFix is evolving, and now comes with a timer, video instructions, and automatic detection of the victim’s operating system, experts have warned.
ClickFix is a malware delivery scam that uses the problem/solution method – it first identifies a “problem” and then offers a “solution”. That problem can be a myriad of things, from “your computer is infected with malware” to “solve this CAPTCHA if you want to view the content”. The solution is almost always the same: copying and pasting a command in the Windows Run program (or its Linux/macOS equivalent) that deploys a malware dropper and through it – an infostealer or something even more sinister.
Usually, the instructions for the solution were written on the “problem” popup, but cybersecurity researchers Push Security recently observed an attack with video instructions, designed to make the entire process feel less suspicious and more credible. It also comes with a fake counter of the number of people that “verified” in the last hour, probably serving as a secondary credibility mechanic.
At the same time, the popup also came with a one-minute timer, pressuring the victim into moving fast instead of pausing to think about what they’re doing.
Finally, the new ClickFix scripts first check to see which operating system the victim is running, in order to display the right video and the proper instructions for the malware download.
The ClickFix popups need to be hosted somewhere, and that is usually done on legitimate, but compromised, websites. Push Security says that in this latest campaign, the attackers not only compromised the sites, but also launched malvertising campaigns on Google Search.
Defending against ClickFix remains the same – slow down and think before you click, update your operating systems and software, and make sure to run a reputable antimalware solution.
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News andadd us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
