ClickFix is a new and sophisticated social engineering technique that targets users searching for cracked software on search engines. Cybercriminals create fake landing pages on trusted platforms to lure victims into executing commands that install malware such as the ACR stealer for Windows and the Odyssey infostealer for macOS. The attack exploits vulnerabilities in browser sandboxes, making it difficult for security tools to detect and prevent the malicious activity.
Once the victims execute the malicious commands, the malware completely bypasses traditional security mechanisms by being executed filelessly in memory. Windows users are guided to a MEGA file hosting site where they unknowingly download a password-protected ZIP file containing the harmful software, while macOS users are exposed to a fake security check that tricks them into copying a Base64-encoded command. The effectiveness of this attack underscores the need for stronger awareness and education around cybersecurity.
👉 Pročitaj original: Cyber Security News
