Proofpoint warns of ClickFix: an attack method that uses innocuous-looking PowerShell commands that hide malware.
In a blog post, security firm Proofpoint warns of the rise of ClickFix. Proofpoint describes it as a unique social engineering technique in which victims are fooled with fake PowerShell commands. Attackers prompt the victim to run a script that installs malware, bypassing classic security methods.
Error message
A typical ClickFix attack begins with an error message for commonly used software, such as Microsoft Word or Google Chrome. The dialog box contains a button the victim must click to fix the problem.

A PowerShell command then appears, which is either cut and pasted into the application automatically or which the victim is prompted to cut and paste manually. The unsuspecting victim thus installs malware on their own device.
Proofpoint has seen an uptick in the use of the ClickFix technique since September. Both popular software and company-specific applications are being abused in the process. In most cases, ClickFix is deployed by cybercriminals seeking ransom, but Proofpoint suspects that government agencies in Ukraine have already been targeted as well. ClickFix campaigns spread various types of malware.
Human behavior
The rise of ClickFix illustrates the shift toward manipulating human behavior as traditional attack vectors become less successful. This method bypasses security mechanisms because the victim installs the malware themselves. Proofpoint recommends that companies train employees to recognize and avoid social engineering techniques such as ClickFix.