Researchers over at Malwarebytes Labs have recently observed a resurgence of a well-known social engineering technique called ClearFake or ClickFix.
Researchers over at Malwarebytes Labs have recently observed a resurgence of a well-known social engineering technique called ClearFake or ClickFix.
This new scam, dubbed the "Fix It" tricks users into manually executing malicious PowerShell commands by by copying harmful code to their clipboard and then tricking them into pasting it into the Run dialog box, allowing attackers to bypass antivirus software and directly infect devices using the victim.
The attackers create a false sense of security by mimicking popular websites, so users follow their instructions without hesitation. Once on the site, a fake alert tells users to "fix" the problem by running a PowerShell command.
This is done by asking them to press certain key combinations, such as Windows+R, in order to open the Run dialog box where the copied command is pasted and executed by pressing Enter. The malware is then downloaded and installed.
The malicious payload can then wreak havoc, stealing sensitive data like login credentials and financial information, compromising the victim's system by installing additional malware or ransomware, or even turning the infected device into a botnet to carry out large-scale attacks.
To keep yourself safe, it’s important to be aware of common phishing tricks like creating a false sense of urgency, using fear or intimidation, pretending to be a legitimate service, and flattery. Be cautious of such unexpected prompts to execute commands or download software and make sure you always verify the source of such requests and avoid clicking on suspicious links or downloading files from unknown sources. Also, watch out for typosquatting, where attackers create fake websites with similar domain names to trick you into visiting.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.