- A new online scam tactic called ClickFix has replaced previous fake browser update attacks by using advanced social engineering.
- ClickFix tricks users into running harmful commands on their computers by pretending to fix an issue or verify a CAPTCHA.
- The campaign spreads through multiple methods such as phishing emails, misleading ads, and fake web pages.
- Guardio Labs reports ClickFix is widely adopted by both cybercriminals and nation-state actors, making detection harder.
- Attackers use trusted platforms, like Google Scripts, to bypass security, helping the scam reach more victims quickly.
A new wave of cyber attacks using the ClickFix method has gained ground across the internet since early 2024. The tactic asks users to fix a non-existent problem or complete a CAPTCHA, ultimately tricking them into infecting their own computers. Security researchers at Guardio Labs have linked these attacks to both cybercriminal organizations and nation-state groups targeting a wide range of victims.
Attackers use phishing emails, drive-by downloads, suspicious online ads, and search results to lure targets to fraudulent web pages. These pages display error messages that lead victims to copy and paste dangerous commands into the Windows Run dialog or MacOS Terminal, directly installing malicious software.
Researcher Shaked Chen from Guardio Labs described ClickFix as similar to a virus that outpaced last year’s fake browser update scams. Chen noted, “It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure.” These improvements helped ClickFix deliver Malware such as information stealers, remote access tools, and malicious loaders.
The report from Guardio explains that ClickFix represents a shift from older threats like ClearFake, which used fake browser updates and relied on compromised websites to spread malware. ClearFake later developed tactics like EtherHiding, which hid harmful files on Binance‘s Smart Chain to avoid detection.
As ClickFix evolved, attackers made their error messages more convincing, adding urgency or suspicion to boost user compliance. The campaign also began using trusted cloud tools, such as Google Scripts, to deliver fake CAPTCHA pages and disguised harmful files inside legitimate-looking sources.
Chen added, “This chilling list of techniques – obfuscation, dynamic loading, legitimate-looking files, cross-platform handling, third-party payload delivery, and abuse of trusted hosts like Google – demonstrates how threat actors have continuously adapted to avoid detection.” Experts call this wave of attacks “CAPTCHAgeddon” due to its speed and effectiveness.
Additional findings show that the scam’s flexibility and stealth have allowed it to replace previous threats in a short time. Security specialists urge organizations and users to be cautious about executing commands provided by web pages and to remain alert to suspicious prompts online.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Ethereum Eyes Major Overhaul With ‘Lean’ Code for Speed, Security
- White House Plans Order Against Banks Over Conservative De-Banking
- Bitcoin Transaction Fees Plunge to Record Lows, Sparking Security Worry
- Figure Technology Files Confidential IPO, Joins Crypto Market Surge
- Misconfigurations, Not Hackers, Cause Most SaaS Security Incidents
