ClickFix campaigns impersonate familiar verification pages and manipulate victims into pasting malicious commands that install password stealers and remote-access tools.
Основний текст
Читай текст у контексті й натискай підсвічені слова, щоб відкрити переклад, транскрипцію та дії зі словником.
Vocabulary:9(✓0+0-9)
knownlearningnew
Fake Google and Cloudflare verification pages are driving a new wave of ClickFix attacks. The pages look like , but their real purpose is to persuade visitors to infect their own computers.
A typical page claims that manual verification is required. It may secretly place a malicious command on the and tell the user to open Windows Run, PowerShell or Terminal. The victim then pastes and while believing it will prove they are human.
This method relies on rather than a software exploit. The attackers borrow trusted logos, familiar layouts and technical language. Countdown timers, visitor counters and urgent warnings create pressure to follow the instructions quickly.
Malwarebytes found multiple campaigns using shared infrastructure and similar . The observed payloads included HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport and a Rust-based information stealer.
One chain used a of the legitimate Franz messaging app. It downloaded a previously undocumented loader called ResiLoader, which disabled security software before installing the StealC .
The campaigns reached victims through compromised websites, repurchased domains, Cloudflare Pages and fake QR-code or file-access services. Some lures imitated Google reCAPTCHA, while another claimed that users needed to repair audio for Google Meet.
ClickFix is effective because the final dangerous action appears to come from the victim. Security tools may see a real Windows utility running a command that the user pasted manually. That can make the activity look less suspicious than a traditional malicious download.
The safest response is to stop when a website asks for . Legitimate Google, Cloudflare or Microsoft verification will not require users to paste a PowerShell command to prove they are human.
Users should close the page, check the service through an official support channel and keep security software updated. Anyone who already ran a suspicious command should disconnect the device, seek professional help and change important passwords from a clean system.
The broader lesson is that familiar verification screens should not receive automatic trust. A CAPTCHA normally asks for a click, image choice or simple puzzle. When it asks for keyboard shortcuts and copied code, the verification itself has become the .
Вправи
Перевірте розуміння тексту, ключову лексику та зміст уроку після читання.
Після перегляду визнач, чи правильне твердження
Визнач, чи твердження правдиві.
Щоб виконувати завдання, увійдіть в акаунт.
Вибери правильний варіант відповіді
Вибери правильну відповідь.
Щоб виконувати завдання, увійдіть в акаунт.
Обговорення
щоб коментувати, лайкати відповіді та скаржитися на коментарі.
SecondFi exploit losses may top $20M, SlowMist warns
Обговорення
щоб коментувати, лайкати відповіді та скаржитися на коментарі.