ClickFix Attack Targeting Windows and Mac Users to Steal User Data
The scripts deploy malware on these devices, and the “payloads affect Windows and macOS devices,” according to Microsoft, which leads to “information theft and data exfiltration.” The malware, however, can be anything from a type of initial access for ransomware to an entry point for attacking a larger enterprise network.
Initially, ClickFix surfaced as a technical assistance pop-up before moving to Captchas. Fake challenges to use a website are now using a copy, paste, and run command instead of your standard ‘choosing the correct cars and bus’ challenge. The user is instructed to click prompts and copy, paste, and run commands “directly in the Windows Run dialog box, Windows Terminal, or Windows PowerShell,” Microsoft says, and it’s usually blended with “delivery vectors such as phishing, malvertising, and drive-by compromises, most of which even impersonate legitimate brands and organizations to reduce suspicion from their targets further.”
Users should be careful not to run these prompts. You may be lured in various ways that seem innocent, but never copy and paste and run a script in Windows. You can be safe this way. However, as it happens, due to the advancement of these attacks, the awareness part is lacking on the users’ end.
As ClickFix depends on human prompts to start the malicious commands, it can dodge traditional and automated security checks. Organizations can limit the effect of this tactic by “educating users in recognizing its lures and by implementing policies that will harden device configurations,” Microsoft says.
Microsoft’s latest report provides in-depth details about the various baits and attack techniques cybercriminals are using. According to Microsoft, “A typical ClickFix attack begins with threat actors using phishing emails, malvertisements, or compromised websites to lead unsuspecting users to a visual lure — usually a landing page — and trick them into executing a malicious command themselves.”
