ClickFix is a social engineering skill Hackers have been using it Since the beginning of 2024, malware has been spreading increasingly.
It makes you fool yourself to run malicious commands on your own computer, and attacks are now more common than ever. Hackers are getting people to install password-stolen malware by pressing a series of keyboard shortcuts, all in disguise, which prove that they are not robots.
Robots are automated computer programs that perform repetitive tasks online, often mimicking human behavior. By tricking you into proving that they are not robots, hackers can take advantage of your lack of understanding of these automation systems to make you install malware unconsciously.
Man working on laptop (Kurt “Cyberguy” Knutsson)
What you need to know
As reported Crabson Safetythe latest ClickFix campaigns trick you into installing password-stolen malware under the guise of routine “Verify You Are Human” testing. It has become mainstream initially seen in targeted attacks, affecting industries such as hospitality and healthcare.
The scam begins when you visit a hacked or malicious website and view fake verification code prompts. Clicking the “I’m Not a Robot” button triggers a set of instructions asking you to press a specific keyboard shortcut. First, you are told to press Windows + R, which opens the Windows Run dialog box. You are then instructed to press CTRL+V to paste the malicious script copied from the website’s virtual clipboard. If ENTER is pressed, a script that downloads and runs the malware is executed.
What is artificial intelligence (AI)?
Cybercriminals are using phishing emails and malicious websites to spread click frameworks. The goal of the hotel industry is to attackers who impersonate booking.com and send fake emails citing guest comments or promotions. Clicking the links in these emails leads you to the click trap. Healthcare workers have also become targets, with malicious code embedded in the widely used physical therapy website HEP2GO.
Once you click on fix on your computerit installs various types of malware, including password stealers like Xworms, Lumma Stether and Danabot, which extract your login credentials and financial information. Some versions provide remote access to Trojans such as Venomrat and Asyncrat, giving attackers complete control of your system. Others deploy NetSupport Rat, a remote access tool commonly used for cyber espionage.
Execution of this series of keys prompted Windows to download passwords to steal malware. (Krebsonsecurity)
The Hidden Cost of Free Applications: Your Personal Information
Previous click-through attacks
Security researchers believe ClickFix has been targeting people since March 2024. I reported on malware in June 2024 As fake Google Chrome, Word and OneDrive errors Scare users to download harmful codes. Just like the current campaign, the attacker prompted the victim to click a button that copies PowerShell “fix” to the clipboard, and then paste and run it in the Run dialog or PowerShell prompt.
By November 2024, the attacker Expand their goals to meet users. The scam begins with an email containing links to Google Meet meetings, often concealed, as if from a victim organization. This link leads to invitation meetings, webinars or online collaboration. Clicking the link indicates the victim to the fake Google Meet Page, which shows warnings claiming there is a problem with their PC, such as a microphone, camera, or headset.
On the fake chrome error page and Facebook login tipsfurther spread malware to different platforms and increase its coverage.
This malware attack pretends to be a verification code, aiming to separate humans from robots. (Krebsonsecurity)
Beyond hackers who steal their identities
6 Ways You Can Be Safe from Click-On malware
To protect yourself from the evolving threat of ClickFix malware, which continues to target users through complex social engineering strategies, consider implementing these six basic security measures.
1. Sceptical about verification code prompts: Legal Verification Testing never requires you to press Windows + R, copy commands, or paste anything into PowerShell. If the website instructs you to do this, it can be a scam. Close the page immediately and avoid interacting with it.
2. Don’t click on links in unverified emails and use powerful antivirus software: Many ClickFix attacks start by emulating phishing emails for trusted services such as Booking.com or Google Meet. Be sure to verify the sender before clicking on the link. If the email seems urgent or unexpected, go directly to the company’s official website instead of clicking any links in the email.
Click here to visit Fox Business
The best way to protect yourself from installing malware (malicious links that may access private information) is to install powerful antivirus software on all devices. This protection can also remind you about phishing email and ransomware scams, ensuring your personal information and digital assets are secure. The choice of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Enable two-factor authentication: Enable Two-factor authentication As much as possible. In addition to the password, this requires a second form of verification (such as the code sent to the phone), which adds additional security.
4. Keep the device up to date: often Update operating system, browser and security software Make sure you have the latest patches for known vulnerabilities. Cyber criminals take advantage of outdated systems, so enabling automatic updates is an easy way to maintain protection.
5. Monitor your account for suspicious activity and change your password: If you have interacted with a suspicious website, phishing email, or fake login page, check for any abnormal activity in your online account. Looking for unexpected login attempts, unauthorized password resets, or financial transactions you don’t recognize. If you have any questions, change your password immediately and report activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords. Get more details about me Best Expert Review Password Manager in 2025.
6. Invest in personal data deletion services: Consider using services that can monitor your personal information and alert you of potential violations or unauthorized use of data. These services can provide early warning signals for identity theft or other malicious activity or other malicious activity caused by similar attacks. While there is no service that promises to remove all data from the Internet, it is great to have a deletion service if you want to keep monitoring and automatically delete information from hundreds of sites. View my preferred data deletion service here.
Large-scale security vulnerabilities put the most popular browsers at risk on Mac
Kurt’s key points
ClickFix reminds you that malware does not always rely on complex exploits. Usually you only need to follow the wrong instructions. Attackers are perfecting their approach, creating scams like fake verification codes, phishing emails, and deceptive popups that are more persuasive than ever. The best way to stay ahead is to question anything that seems to be a little off. It is a red flag if the website requires you to run a command or paste something into PowerShell. If email stress you want to click on the link, verify it first.
Click here to get the Fox News app
Do you think tech companies are doing enough to stop malware like ClickFix? Let’s write to us cyberguy.com/contact.
For more technical tips and security alerts for me, please subscribe to my free online reporting newsletter cyberguy.com/newsletter.
Ask Kurt a question, or let us know what stories you want us to cover.
Follow Kurt on his social channels:
Answers to the most popular web guess questions:
New things from Kurt:
Copyright 2025 CyberGuy.com. all rights reserved.
