clickfix-feature-image

BEWARE ClickFix Popup – Do Not Click

By / / Leave a Comment / Browser, Email, Security

Security researchers have identified a new high-risk malware delivery system dubbed ClickFix. ClickFix is delivered via two methods:

  1. As a popup message within the Chrome browser when visiting a compromised website
  2. As an HTML email attachment prompting the user to install a missing Word extension or to fix a fake OneDrive error

ClickFix Delivery Via Compromised Websites

(credit proofpoint)
ClickFix Popup

The Chrome popup is particularly believable as it displays only when the browser is in use thereby creating a certain sense of affinity. Bear in mind though, that the popup will only display when visiting compromised websites.

As you can see from the above image, the user is prompted to click a Copy fix button and follow the steps to run (malicious) code within an elevated PowerShell.

ClickFix Delivery Via Email Attachment

The second method of delivery is via an HTML email attachment either purporting to represent Microsoft Word or OneDrive:

  • WORD: Clicking this attachment will open a webpage disguised as a Word document with a message prompting the user to install a missing extension. From there, the methodology is the same; click a Fix button and follow the instructions to run the malicious code
  • ONEDRIVE: Clicking this attachment will open a page appearing to display a document hosted on OneDrive and including a fake error message:

(credit proofpoint)
OneDrive Fake Error Message

Again, the methodology is identical; click the How to fix button and follow the instructions to run the malicious code. Of course, in each and every case, if the user falls for these traps and follows the instructions, the end result is a badly infected system.

BOTTOM LINE:

As you can see, all of these methods require quite a bit of user interaction in order to deliver their payload.

  • Never Trust Pop-Up Fixes: If you encounter error messages within a browser or application, look for solutions from the program’s official resources/support pages
  • Beware of Suspicious Email: Never open attachments coming with unsolicited email messages, particularly from unknown sources
  • The One Golden Rule: Always treat everything with a healthy degree of skepticism and an abundance of caution

Stay safe out there!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top