Clickfix uses fake sites and deceptive messages to induce the user to run malware. Here’s how to recognize it and defend yourself.
Imagine receiving a link to join a video call on Google Meet. You click, but instead of joining a meeting you end up on a page that shows a fake error message and suggests copying and pasting a code to “solve the problem”. That code, however, is malware: harmful software designed to steal your data or take control of the computer. This new attack technique is called Clickfix, and it is spreading rapidly. How? By taking advantage of the trust users place in platforms considered safe, such as Google Meet, Zoom or Booking.com, to convince them to manually perform the action that will infect their device.
How Clickfix works
The trick behind Clickfix is as simple as it is effective: the cybercriminal creates a web page that perfectly imitates the official website of a well-known service, altering the addresses so that they seem authentic (for example “Meet.google.com- Jain.us”) even though they actually lead to malicious sites. The user receives a phishing email, that is, a deceptive message that seems to come from a reliable source, which invites them to click on a link or download an attachment. Once the user lands on the trap page, a false error warning suggests pasting a command into PowerShell (on Windows) or starting an apparently harmless file (on macOS). In this way the malware is executed directly by the victim, in many cases evading antivirus and automatic protection systems.
Who is behind Clickfix
According to the analyses of several cybersecurity companies, the Clickfix campaign is reportedly run by groups known in the cybercrime underground, such as Slavic Nation Empire and Flip. These operate in dark corners of the web, often linked to the sale of “turnkey” hacking services, known as Malware-as-a-Service. It is possible that they use a shared infrastructure, managed by still unknown organizations, which provides them with tools, fake domains and ready-made code. Among the malware most commonly spread through Clickfix are “stealers”: programs specialized in stealing passwords, bank data and sensitive information. Names such as Stealc, Rhadamanthys and Atomic are now known to experts, but new ones are emerging at a rapid pace.
How to defend yourself from Clickfix
The Clickfix technique represents a step up in phishing because it requires active interaction from the victim, which makes it harder for automated systems to detect the attack. To protect yourself, it is essential to pay attention to any unusual request that arrives via email or chat, even if it seems to come from a safe source.
A simple check of the web address can often unmask a counterfeit site. In addition, you should not trust messages that invite you to copy code into system terminals or to open executable files from unofficial links. Experts recommend keeping your browser and antivirus updated, but the real weapon against scams like Clickfix remains caution: the weak point of this scheme is that it needs to deceive the user and push them to act.
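The address check described above can be automated. The sketch below is an added example, not part of the original article: it flags links where a trusted brand name appears in the hostname but the registered domain belongs to someone else. The brand table, the short suffix list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: brands named in the article mapped to domains they really use.
TRUSTED = {
    "google": {"google.com"},
    "zoom": {"zoom.us", "zoom.com"},
    "booking": {"booking.com"},
}
# Assumption: tiny stand-in for the Public Suffix List (use the full list in practice).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def check_url(url):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    if "://" not in url:
        url = "https://" + url  # urlsplit needs a scheme to locate the host
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if any(domain in owned for owned in TRUSTED.values()):
        return "trusted", domain
    # Split on dots and hyphens to find brand names used only as bait.
    tokens = set(host.replace("-", ".").split("."))
    if tokens & set(TRUSTED):
        return "lookalike", domain
    return "unknown", domain


# Constructed sample links (not taken from a real campaign).
SAMPLES = [
    "https://meet.google.com/abc-defg-hij",
    "https://meet.google.com-join.example/abc",
    "booking.com.reservation-check.example/login",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, domain = check_url(link)
        print(f"{verdict:9} registered domain = {domain:28} {link}")
```

The registered domain is read from the right-hand end of the hostname, which is why a familiar name at the start of the address proves nothing about who owns the site.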

