Hackers have devised a new, deceptive method to trick users into installing a malware named ClickFix, according to cybersecurity firm Proofpoint. The scheme involves enticing users with fake solutions to common errors in popular services such as Chrome, OneDrive, and Microsoft. Once users download and execute these “fixes” by clicking the Copy fix button, they unwittingly run a PowerShell or a Windows Run dialogue command that compromises their systems.
This dialogue installs a “root certificate” to flush the DNS cache, remove the clipboard content, show a fake message, and install an additional remote PowerShell script that does an anti-VM check before the info-stealer is installed. Various hacker groups, including those responsible for ClearFake, allegedly use this method. Proofpoint details how hackers exploit jeopardized sites by incorporating a malicious script handed over by Binance’s Smart Chain contract on the blockchain to spread malware and infect susceptible Windows computers.
The script will perform a series of checks to see if your computer is an acceptable candidate before downloading more payloads. It doesn’t end there since users also need to be aware of an email-based threat that uses HTML attachments with a Word look to them. These attachments will encourage users to download a “Word Online” extension to see the file.
This other threat also has a high level of user interaction since a PowerShell command needs to be executed. Proofpoint spotted payloads such as Matanbuchus, DarkGate, NetSupport, XM Rig, Amadey Loader, a clipboard hijacker, and Lumma Stealer.
As scary as this might sound, there are plenty of precautions you can take to prevent falling victim to this type of sneaky attack. One such precaution is using one of the best antivirus programs, such as Norton or Bitdefender. Always be careful with the attachments you download, even from a trustworthy source. Remember never to copy or paste any code unless you know what it does.
By taking these precautions and staying informed on the latest threats, you can increase your chances of avoiding them.
Editors’ Recommendations
