ClickFix
ClickFix attack uses fake Windows Update screen to push malware
ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system. The attack […]
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. In the past, people used the finger command to look up information about local and remote users on Unix and Linux systems via the Finger protocol, a command later added to Windows. While still supported, it’s […]
ClickFix malware attacks evolve with video instructions and OS detection
ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. In a typical ClickFix attack, the threat actor relies on social-engineering to trick users into pasting and executing code or […]
PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. Dubbed PhantomCaptcha, the one-day campaign attempted to trick victims into running commands used in ClickFix attacks, disguised as […]
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypassing security software. The new phishing and social engineering attack impersonates a “Fortinet VPN Compliance Checker” and was first spotted by cybersecurity researcher P4nd3m1cb0y, who shared information about it on X. In […]
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. FileFix is a new variant of the ClickFix family of attacks, which uses social engineering attacks to trick users into pasting malicious commands into operating system dialog boxes as supposed “fixes” for problems. The FileFix technique was […]
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group “COOKIE SPIDER,” and is used to steal data and credentials stored in web browsers, […]
New FileFix attack weaponizes Windows File Explorer for stealthy commands
A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows. FileFix, a variation of the social-engineering attack called ClickFix, allows threat actors to execute commands on the victim system through the File Explorer address bar in […]
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines. “Reviving” expired Discord invites Discord invite links are URLs that allow someone to join […]
TikTok videos now push infostealer malware in ClickFix attacks
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. As Trend Micro recently discovered, the threat actors behind this TikTok social engineering campaign are using videos likely generated using AI that ask viewers to run commands claiming to activate Windows and Microsoft Office, as well […]