- ClickFix now uses OS detection, timers and video guides to increase malware delivery success
- Attackers host pop-ups on compromised websites and promote them via Google malvertising
- Victims are tricked into running malware via fake problem/solution instructions in system dialogs
The dreaded malware deployment technique known as ClickFix is evolving and now comes with a timer, video instructions and automatic detection of the victim’s operating system, experts have warned.
ClickFix is a malware delivery scam that uses a problem/solution approach: it first presents a “problem” and then offers a “solution”. That problem can be any number of things, from “your computer is infected with malware” to “solve this CAPTCHA to see the content”. The solution is almost always the same: copy and paste a command into the Windows Run dialog (or its Linux/macOS equivalent). That command deploys a malware dropper and, through it, an infostealer or something even more sinister.
Usually, the instructions for the solution are written on the “problem” popup itself, but cybersecurity researchers at Push Security recently observed an attack with video instructions, designed to make the whole process feel less suspicious and more believable. It also comes with a fake counter for the number of people who “verified” in the last hour, which likely serves as a secondary credibility mechanic.
Compromised websites and malvertising
At the same time, the popup also came with a one-minute timer, pushing the victim to move quickly instead of pausing to think about what they are doing.
Finally, the new ClickFix scripts first check to see what operating system the victim is running in order to display the correct video and instructions for the malware download.
The ClickFix popups must be hosted somewhere, and this is usually done on legitimate, but compromised, websites. Push Security says that in this latest campaign, the attackers not only compromised the websites, but also launched malvertising campaigns on Google Search.
Defenses against ClickFix remain the same – slow down and think before you click, update your operating systems and software, and make sure you’re running a reputable antimalware solution.
Via Bleeping Computer



