Get Started By Clicking On A Link Below:
Think Before You Click! Beware of New ClickFix Attacks
What is ClickFix?
ClickFix is a new technique used by cyber criminals that uses dialogue boxes containing messages that attempt to trick you into copy, pasting, and running malicious commands on your device. ClickFix typically involves giving instructions to fix technical issues, solve CAPTCHAs, or provide “verification” that involve clicking prompts and copying, pasting, and running commands directly on your system. ClickFix is often delivered via malicious websites, pop-up advertisements, or even through real websites that have been compromised by a cyber criminal. In some cases, ClickFix can also be delivered through targeted email / attachments. The goal of this article is to help you recognize a ClickFix attack and prevent yourself from falling victim to cyber criminals.
How to identify a ClickFix attack?
ClickFix attacks typically begin with the display of a message that requires a “quick fix” to common computer issues such as performance issues, missing drivers, updates, or other pop-up errors. The image below shows an example of a Windows Update related ClickFix. In this example, note that the messaging requires you to take action on your computer by opening up the Windows run prompt (denoted by the Windows icon + R) and pasting with Ctrl + V. Once the content is pasted, the cyber criminal has successfully compromised your system!
Another common way that a ClickFix attack is delivered is through a fake verification such as a CAPTCHA (i.e. verify you are human prompt). Instead of clicking on matching images or typing obscured text, the website will ask you to open the Windows run prompt and paste content with Ctrl + v.
With both delivery methods, the ClickFix attack requires you to paste content from the internet on your computer. In the example below, the pasted content directly leads to a computer compromise
Always be aware of the content that you copy and paste and never paste content in your command line, terminal, Windows PowerShell, or Windows Run dialogue (Win + R)!
Are there other forms of ClickFix?
Cyber criminals are constantly coming up with new ways to trick you into granting them access to your computer and your personal data. With the increased use of anti-malware software, cyber criminals often rely on you to bypass your own security measures. By pasting content directly into your system, cyber criminals take advantage of your authorization to gain access. Aside from using the Windows run dialogue, cyber criminals may also trick you into pasting content into the command line directly. For Mac users, ClickFix attacks may mention the Mac Terminal. A newer technique uses Windows file explorer as a way to deliver the malicious scripts as shown below, also known as “FileFix”
In all cases, the cyber criminals will trick you into pasting content into your computer, so it is important to recognize this threat and never paste any un-trusted content anywhere on your system!
For more resources and tips, visit https://www.hawaii.edu/infosec/resources-tips/