ClickFix malware tricks you into infecting your own Windows PC

ClickFix is simply a societal engineering instrumentality that hackers person been utilizing much and much since aboriginal 2024 to dispersed malware.

It fools you into moving malicious commands connected your ain computer, and the onslaught is present much communal than ever. Hackers are getting radical to instal password-stealing malware by making them property a bid of keyboard shortcuts, each nether the pretense of proving they're not bots. 

Bots are automated machine programs that execute repetitive tasks online, often mimicking quality behavior. By tricking you into proving they're not bots, hackers exploit your deficiency of knowing astir these automated systems to marque you unwittingly instal malware.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

A idiosyncratic moving connected a laptop (Kurt "CyberGuy" Knutsson)

What you request to know

As reported by KrebsOnSecurity, the latest ClickFix run tricks you into installing password-stealing malware nether the guise of a regular "Verify You Are a Human" test. Initially seen successful targeted attacks, it has present gone mainstream, affecting industries similar hospitality and healthcare.

The scam begins erstwhile you sojourn a hacked oregon malicious website and spot a fake CAPTCHA-style prompt. Clicking the "I’m not a robot" fastener triggers a acceptable of instructions asking you to property circumstantial keyboard shortcuts. First, you are told to property Windows + R, which opens the Windows Run dialog. Then you are instructed to property CTRL + V, which pastes a malicious publication copied from the website’s virtual clipboard. If you property enter, a publication is executed that downloads and runs malware. 

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Cybercriminals are utilizing phishing emails and malicious websites to dispersed ClickFix. The hospitality manufacture has been heavy targeted, with attackers impersonating Booking.com and sending fake emails referencing impermanent reviews oregon promotions. Clicking connected links successful these emails directs you to a ClickFix trap. Healthcare workers person besides been targeted, with malicious codification embedded into the wide utilized carnal therapy tract HEP2go. 

Once ClickFix is connected your PC, it installs assorted types of malware, including password stealers similar XWorm, Lumma Stealer and DanaBot, which extract your login credentials and fiscal information. Some versions present distant entree trojans similar VenomRAT and AsyncRAT, giving attackers afloat power implicit your system. Others deploy NetSupport RAT, a distant entree instrumentality commonly misused for cyber espionage.

Executing this bid of keypresses prompts Windows to download password-stealing malware. (KrebsOnSecurity)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION 

Previous ClickFix attacks

Security researchers judge ClickFix has been targeting radical since March 2024. I reported connected the malware backmost successful June 2024 erstwhile it posed arsenic fake Google Chrome, Word and OneDrive errors to instrumentality users into downloading harmful code. Just similar successful the existent campaign, attackers prompted victims to click a fastener that copied a PowerShell "fix" to the clipboard, past paste and tally it successful a Run dialog oregon PowerShell prompt.

By November 2024, attackers had expanded their targets to Google Meet users. The scam started with an email containing a nexus to a Google Meet session, often disguised to look arsenic if it were from the victim's organization. This nexus leads to an invitation for a meeting, webinar oregon online collaboration. Clicking the nexus directed the unfortunate to a fake Google Meet page, which displayed a informing claiming determination was an contented with their PC, specified arsenic problems with their microphone, camera oregon headset.

The onslaught was besides seen successful fake Chrome mistake pages and Facebook login prompts, further spreading the malware crossed antithetic platforms and expanding its reach.

This malware onslaught pretends to beryllium a CAPTCHA intended to abstracted humans from bots. (KrebsOnSecurity)

OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY

6 ways you tin enactment harmless from ClickFix malware

To support yourself from the evolving menace of ClickFix malware, which continues to people users done blase societal engineering tactics, see implementing these six indispensable information measures.

1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests ne'er necessitate you to property Windows + R, transcript commands oregon paste thing into PowerShell. If a website instructs you to bash this, it's apt a scam. Close the leafage instantly and debar interacting with it.

2. Don’t click links from unverified emails and usage beardown antivirus software: Many ClickFix attacks commencement with phishing emails that impersonate trusted services similar Booking.com oregon Google Meet. Always verify the sender earlier clicking connected links. If an email seems urgent oregon unexpected, spell straight to the company’s authoritative website alternatively of clicking immoderate links wrong the email.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe. Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

3. Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an other furniture of information by requiring a 2nd signifier of verification, specified arsenic a codification sent to your phone, successful summation to your password.

4. Keep devices updated: Regularly updating your operating system, browser and information bundle ensures you person the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, truthful enabling automatic updates is simply a elemental but effectual mode to enactment protected.

5. Monitor your accounts for suspicious enactment and alteration your passwords: If you’ve interacted with a suspicious website, phishing email oregon fake login page, cheque your online accounts for immoderate antithetic activity. Look for unexpected login attempts, unauthorized password resets oregon fiscal transactions that you don’t recognize. If thing seems off, alteration your passwords instantly and study the enactment to the applicable work provider. Also, see utilizing a password manager to make and store analyzable passwords. Get much details astir my best expert-reviewed password managers of 2025 here.

6. Invest successful idiosyncratic information removal service: Consider utilizing a work that monitors your idiosyncratic accusation and alerts you to imaginable breaches oregon unauthorized usage of your data. These services tin supply aboriginal informing signs of individuality theft oregon different malicious activities resulting from ClickFix oregon akin attacks. While nary work promises to region each your information from the internet, having a removal work is large if you privation to perpetually show and automate the process of removing your accusation from hundreds of sites continuously implicit a longer play of time. Check retired my apical picks for information removal services here.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Kurt’s cardinal takeaway

ClickFix is simply a reminder that malware doesn’t ever trust connected analyzable exploits. It often conscionable needs you to travel the incorrect instructions. Attackers are refining their methods, making scams similar fake CAPTCHAs, phishing emails and deceptive pop-ups much convincing than ever. The champion mode to enactment up is to question thing that seems adjacent somewhat off. If a website asks you to tally commands oregon paste thing into PowerShell, it’s a reddish flag. If an email pressures you into clicking a link, verify it first.

CLICK HERE TO GET THE FOX NEWS APP

Do you deliberation tech companies are doing capable to halt malware similar ClickFix? Let america cognize by penning america astatine Cyberguy.com/Contact.

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy's exclusive coupons and deals

Copyright 2025 CyberGuy.com. All rights reserved.