ClearDraft

ClickFix: How to Infect Your PC in Three Easy Steps


Experts Warn: Three Easy Ways to Infect Your PC With ClickFix


The ClickFix malware scam, initially seen in targeted attacks, is now widespread. Visitors are tricked into downloading password-stealing malware via fake CAPTCHA tests.

A sophisticated malware scheme, initially identified in targeted assaults, has now become widespread. This scheme, known as “ClickFix,” tricks visitors to compromised or malicious websites into downloading password-stealing malware by prompting them to press specific keyboard keys that trigger Microsoft Windows actions.

The ClickFix attacks mimic the common “Verify You are a Human” tests used by many websites to differentiate real users from automated bots. This deceptive ploy typically begins with a website popup resembling a CAPTCHA designed to distinguish humans from bots.

By clicking the “I’m not a robot” button, users are led through three sequential steps to prove their humanity. The first step involves pressing the Windows key and the letter “R” simultaneously, activating a Windows “Run” prompt. The second step requires pressing the “CTRL” key and the letter “V” simultaneously, pasting malicious code from the site’s virtual clipboard. Finally, the third step involves pressing the “Enter” key, triggering the download and execution of malicious code through “mshta.exe,” a Windows program for running Microsoft HTML application files.

This malicious campaign deploys various types of commodity malware, such as XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT, as revealed by Microsoft. The attackers impersonate Booking.com to deceive hospitality industry workers into downloading credential-stealing malware.

Furthermore, ClickFix attacks targeting healthcare workers have been identified using malicious code embedded in the popular physical therapy video site HEP2go. Various forms of ClickFix attacks are reported, including fabricated Google Chrome error pages and fake Facebook prompts.

The ClickFix attack’s reliance on mshta.exe echoes long-standing phishing tactics that embed exploits within Microsoft Office macros. To combat this threat, email security measures have been implemented to deter ClickFix attacks delivered through phishing emails that contain HTML attachments masquerading as Microsoft Office files and urge users to click on fake error messages.

Organizations can safeguard against these attacks by implementing Microsoft Group Policy restrictions that prevent the execution of the “run” command when specific keyboard combinations are pressed.
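
For responders, the three-step sequence described above leaves a trace: commands entered in the Run dialog are recorded per user in the `RunMRU` registry key. The sketch below is an added example, not code from the original article; it triages an exported copy of that key for entries where a script host such as mshta.exe was handed a remote URL. The sample data is constructed, and the script hosts other than mshta are assumptions added for coverage.

```python
import re

# Run-dialog history lives in the per-user registry key
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
# Each letter-named value holds one typed command followed by the suffix "\1";
# the MRUList value gives the order, most recent first.

# Constructed sample of an exported RunMRU key (not data from a real host).
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "cmd\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "mshta https://example.invalid/verify\\1",
}

# mshta is the script host the article names; the others are assumptions.
SCRIPT_HOSTS = re.compile(
    r"(?i)(?:^|[\\/\s\"'])(mshta|powershell|pwsh|cmd)(?:\.exe)?(?=[\s\"']|$)"
)
REMOTE_URL = re.compile(r"(?i)\bhttps?://[^\s\"']+")


def run_history(mru):
    """Return typed commands, most recent first, without the MRU suffix."""
    cmds = []
    for name in mru.get("MRUList", ""):
        raw = mru.get(name)
        if raw is None:
            continue  # MRUList can reference a value that was deleted
        cmds.append(raw[:-2] if raw.endswith("\\1") else raw)
    return cmds


def flag_clickfix(mru):
    """Flag Run-dialog entries where a script host is handed a remote URL."""
    hits = []
    for cmd in run_history(mru):
        host = SCRIPT_HOSTS.search(cmd)
        url = REMOTE_URL.search(cmd)
        if host and url:
            hits.append({"command": cmd, "host": host.group(1).lower(),
                         "url": url.group(0)})
    return hits


if __name__ == "__main__":
    for hit in flag_clickfix(SAMPLE_RUNMRU):
        print(hit)
```

A hit indicates that a user on that profile completed the paste-and-Enter sequence. Entries that hide the URL, for example behind encoded arguments, are not caught by this pattern.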


Published on: 2025-03-14 22:15:00 | Author: BrianKrebs


Copyright ©cleardraft 2025