- ClickFix now uses OS detection, timers, and video guides to boost malware delivery success
- Attackers host popups on compromised sites and promote them via Google malvertising
- Victims are tricked into running malware via fake problem/solution instructions in system dialogs
The dreaded malware deployment technique known as ClickFix is evolving, and now comes with a timer, video instructions, and automatic detection of the victim’s operating system, experts have warned.
ClickFix is a malware delivery scam that uses the problem/solution method – it first identifies a “problem” and then offers a “solution”. That problem can be a myriad of things, from “your computer is infected with malware” to “solve this CAPTCHA if you want to view the content”. The solution is almost always the same: copying and pasting a command in the Windows Run program (or its Linux/macOS equivalent) that deploys a malware dropper and through it – an infostealer or something even more sinister.
Usually, the instructions for the solution were written on the “problem” popup, but cybersecurity researchers Push Security recently observed an attack with video instructions, designed to make the entire process feel less suspicious and more credible. It also comes with a fake counter of the number of people that “verified” in the last hour, probably serving as a secondary credibility mechanic.
Stolen websites and malvertising
At the same time, the popup also came with a one-minute timer, pressuring the victim into moving fast instead of pausing to think about what they’re doing.
Finally, the new ClickFix scripts first check to see which operating system the victim is running, in order to display the right video and the proper instructions for the malware download.
The ClickFix popups need to be hosted somewhere, and that is usually done on legitimate, but compromised, websites. Push Security says that in this latest campaign, the attackers not only compromised the sites, but also launched malvertising campaigns on Google Search.
Defending against ClickFix remains the same – slow down and think before you click, update your operating systems and software, and make sure to run a reputable antimalware solution.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
The post Experts warn ClickFix malware attacks are back, and more dangerous than ever before – here’s how to stay safe first appeared on TechToday.
This post originally appeared on TechToday.