Devious new ClickFix malware variant targets macOS, Android, and iOS using browser-based redirections
When you buy through links on our articles, Future and its syndication partners may earn a commission.
Security researchers found ClickFix attacks evolving to target other operating systems
On Android and iOS, the attack is particularly worrisome, as it transforms into a drive-by attack
The malware is already being flagged by antivirus programs
ClickFix, an infamous hacking technique that tricks people into running malware thinking they're fixing a problem on their computer, has evolved, experts have warned.
New research from c/side has revealed what used to be a Windows-only attack method is now capable of targeting macOS, iOS and Android devices, as well.
In a blog post analyzing the evolution, the researchers said the new attack starts with a compromised website. The threat actors would inject JavaScript code which redirected users to a new browser tab when they clicked on certain elements on the page. The new tab then displays a page that looks like a legitimate URL shortener, with a message to copy and paste a link into the browser - and doing so triggers yet another redirect, this time to a download page.
Here is where the technique diverges, depending on the operating system of the victim.
On macOS, the attack leads to a terminal command that fetches and executes a malicious shell script, already flagged by multiple antivirus programs.
On Android and iOS, things are even worse, since the attack no longer requires any user interaction.
'When we tested this on Android and iOS, we expected a ClickFix variant. But instead, we encountered a drive-by attack,' the researchers explained.
'A drive-by attack is a type of cyberattack where malicious code is executed or downloaded onto a device simply by visiting a compromised or malicious webpage. No clicks, installs, or interaction required.'
In this case, the site downloads a .TAR archive file, holding malware. This one, too, was flagged by at least five antivirus programs already.
'This is a fascinating and evolving attack that demonstrates how attackers are expanding their reach,' c/side explained. 'What started as a Windows-specific ClickFix campaign is now targeting macOS, Android, and iOS, significantly expanding the scale of the operation.'
New ClickFix campaign spotted hitting both Windows and Linux machines
Take a look at our guide to the best authenticator app
We've rounded up the best password managers
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Miami Herald
21 minutes ago
- Miami Herald
Why 1Password is The Travel Accessory I Never Leave Behind
This post is sponsored by 1Password. If you've ever tried managing a family trip, you know the chaos is real. Between booking flights, wrangling hotel check-ins, and keeping everyone's travel docs straight, the last thing you want to worry about is where you saved your Airbnb login. That's why 1Password has become my go-to travel tool-not just for me, but for the entire family. While 1Password is known as a password manager, seasoned travelers know it's much more. As Sophia Orlando, SheBuysTravel's CTO, explains: '1Password isn't just a place to store passwords (though it does that really well). It's where I keep everything I might need while traveling: passport numbers, credit cards, TSA PreCheck info, emergency contacts, frequent flyer logins, even random international transit apps I'll forget about a week later. And I know it's all secure.' This approach transforms what could be a scattered collection of login details, photos of documents, and hastily saved bookmarks into one organized, accessible place. No more digging through email threads to find that hotel confirmation number or trying to remember which app you used to book that cooking class in. Apple's iCloud Keychain does a good job of managing passwords, as long as everyone in your family is on an Apple device. However many families have a mixed tech ecosystem. Maybe your spouse is on Android, the kids have Chromebooks for school, and you toggle between Mac and PC for work. This is where 1Password's cross-platform compatibility becomes invaluable. Whether you're using iOS, Android, Mac, Windows, your family's digital life travels with you. The browser extensions work seamlessly across Chrome, Safari, and Firefox, ensuring that Disney+ login or that obscure transit app works regardless of which device you grab at the airport. Understanding 1Password's security model helps explain why it's particularly suited for travel. Your data receives end-to-end encryption protection, meaning no one, not even 1Password, can read your password. Added to that, everything saved in 1Password is encrypted locally on your device before reaching their servers. The Secret Key feature adds a second layer of protection, a unique, locally stored component that works alongside your Master Password. Think of it as a second lock on your safe that only your device knows about. Even if someone accessed 1Password's servers, they'd find only encrypted data. In that sense, it's like a safe deposit box at your local bank. As Orlando notes: 'From a technical standpoint, 1Password uses end-to-end encryption and a zero-knowledge setup, so even 1Password can't see what's inside my vault. That matters to me. But honestly, what I appreciate most is the peace of mind. If I'm in a different country and I need access to something important-I don't have to dig through emails or try to remember a password I created two years ago.' 1Password for Families introduces shared vaults that transform family travel coordination. Create a dedicated 'Summer 2025 Trip' vault and populate it with everyone's passport copies, the Airbnb reservation, insurance information, and that carefully curated list of must-try gelato spots. Instant access for everyone, with real-time syncing that eliminates the midnight 'Can you send me the flight confirmation again?' texts. Fellow SheBuysTravel author Jennifer Mitchell has experienced this transformation firsthand: 'We've been using 1Password for years, and it's been a total game changer for our family. It's so convenient to have all our shared logins-like streaming services or travel accounts-in one place. Plus, we each get our own private vault for personal items we need to keep track of. When we're traveling, it's quite handy to pull up flight details, hotel info, or rental car reservations without digging through emails.' One of 1Password's most underrated features addresses a uniquely modern travel concern: what happens when you need to cross borders with sensitive data on your devices? Travel Mode lets you temporarily remove sensitive vaults with a single toggle, showing customs agents or airport inspectors only what you choose to keep accessible. During a recent international trip, I activated Travel Mode before departure, keeping only essential travel information including flight details, hotel bookings, and emergency contacts, while temporarily hiding banking logins and tax documents. Once I reached my destination, everything returned with another simple toggle. The peace of mind was worth the feature alone. Travel involves uncertainty, but managing your digital life doesn't have to add to the stress. 1Password provides the infrastructure that lets families move confidently through airports, Airbnbs, and amusement parks with one less worry. 1Password is kicking off the summer travel season with a special offer. Use our links to save 50% off your first year, whether you choose an individual plan or a family plan, which enables you to set up accounts for up to five family members. My crew is on the Family plan, and honestly, it's fantastic. 1Password securely stores your passwords, documents, credit cards, and much more, making it an indispensable, easy-to-use tool for managing your digital life. Why You Should Keep a Penny in the Freezer & Other Ways to Keep Your Home Safe While You're AwaySingle Mom Vacation IdeasHow to Travel Solo as a WomanRoad Trip Planner: How to Plan an Epic Road Trip The post Why 1Password is The Travel Accessory I Never Leave Behind appeared first on She Buys Travel. Copyright © 2025 SheBuysTravel · All Rights Reserved
Forbes
38 minutes ago
- Forbes
American iPhones Maybe Targeted In Spyware Attacks
Were iPhones really attacked? A new report from the team at iVerify warns that a 'previously unknown' vulnerability in iOS maybe enabled a highly targeted attack on iPhones in the U.S. as well as Europe. This flaw was not in the core messaging architecture itself, but in its nickname feature. 'Any increase in the size of a codebase is going to introduce attack opportunities,' iVerify told me. And that's the case here. When a user updates their profile, 'nickname, photo, or wallpaper,' this triggers "a 'Nickname Update' on a recipient's device." Trivial though it might seem, that nickname update process is a data transmission from one device to another, it's implicitly trusted data and it's within the secure enclave. 'This vulnerability was present in iOS versions up to 18.1.1 and fixed in iOS 18.3.1.' While there's no doubting the flaw and the fix, there is no concrete proof it was exploited in the wild. 'We analyzed crash data from nearly 50,000 devices," iVerify says, "and found that the imagent crashes related to Nickname Updates are exceedingly rare, comprising less than 0.001% of all crash logs collected.' But those rare instances appeared only on 'devices belonging to individuals likely to be targeted by sophisticated threat actors.' Sometimes, Occam's Razor really does apply. Those high-risk individuals were affiliated with 'political campaigns, media organizations, tech companies, and governments in the EU and U.S.' Delete All Texts On Your Phone That Look Like This These are exactly the type of individuals Apple says should use its Lockdown Mode, which restricts a raft of iPhone features and is intended to shutdown attacks that might otherwise get through. It's unclear whether that would have mitigated this risk — and irrelevant now as it's patched. But it certainly makes an iPhone more secure. 'iOS remains a robust and secure operating system,' iVerify told me. 'iMessage is likely targeted not because it's insecure but instead because it's popular." That said, it's toeing a tricky line between feature-rich messenger and secure comms tool. Signal is better, iVerify says, if you want to really secure your comms with a COTS platform. That said, as we've seen before, iMessage is on all iPhones and is almost never disabled, and so if there is a working zero-click attack, it will likely get through. On that note, 'Signal is open source,' iVerify says, "which does have security advantages in the sense that it's transparent and therefore easier for researchers to examine. And it's a simple code base, which does reduce the potential attack surface.' Google Confirms Most Gmail Users Must Upgrade Accounts iVerify reports that forensic examination of one affected device "provided evidence suggesting exploitation: several directories related to SMS attachments and message metadata were modified and then emptied just 20 seconds after the imagent crash occurred. This pattern of deleting potential evidence mirrors techniques observed in confirmed spyware attacks where attackers 'clean up' after themselves." But again, this is speculation ands there's no confirmation or attribution, as Apple will be keen to emphasize. While there's 'no smoking gun,' iVerify says, 'definitively proving exploitation exists, when taken together, this body of evidence gives us moderate confidence these crashes indicate targeted exploitation attempts.' I have reached out to Apple for any comments on this report. iMessage has been exploited before and whether or not that's what has happened here, it will remain a target — as will WhatsApp and all other apps and platforms that run on most devices. Exploiting such a vulnerability is the easiest way to compromise an endpoint, as is especially relevant at the moment when it comes to encrypted data. For most users though, your biggest iMessage risks remains texts with malicious lures and crafty links that trick you into clicking. These highly targeted attacks — real or not — should not be a concern. Unpaid tolls and undelivered packages, though…
Yahoo
38 minutes ago
- Yahoo
OnePlus Looks to Undercut Apple and Samsung With New $700 Tablet
(Bloomberg) -- OnePlus USA Corp. introduced a slimmed-down version of its premium Android tablet on Thursday, looking to beat competing devices from Samsung Electronics Co and Apple Inc. with its price and specifications. ICE Moves to DNA-Test Families Targeted for Deportation with New Contract Next Stop: Rancho Cucamonga! The Global Struggle to Build Safer Cars US Housing Agency Vulnerable to Fraud After DOGE Cuts, Documents Warn NYC Residents Want Safer Streets, Cheaper Housing, Survey Says The tablet, called the OnePlus Pad 3, will be available on July 8 for $700 in the US and $1,000 in Canada. In addition to the thin frame, the company is touting faster performance, an improved display and upgraded multitasking features. The Pad 3's price falls between Apple's 11-inch ($599) and 13-inch ($799) iPad Air tablets. Android tablets have failed to make much of a dent in the US to Apple's tablet business. Samsung, Inc. and smaller players fill out the rest of the market. The Pad 3 is less than 6 millimeters thick and features a 13.2-inch display with a higher pixel density than the iPad Air, promising crisp text and other visuals. (Apple's far more expensive 13-inch iPad Pro is just 5.1 millimeters thick.) Inside, it's powered by Qualcomm Inc.'s Snapdragon 8 Elite chip, a processor found in other recently released high-end devices such as Samsung's Galaxy S25 Edge phone. Battery life can exceed 17 hours with less demanding usage, according to the company. Alternatively, users can expect as much as six hours playing graphics-intensive video games, the company says. OnePlus also said the battery can recover 18% of capacity after a 10-minute charge. Most iPads are usually graded at 10 hours of battery life. In a hands-on test, the tablet seemed sturdy even with its thin dimensions. The LCD screen falls short of the higher-quality OLED panels used in pricier top-of-the-line tablets from Apple and Samsung, but it renders colors well and is capable of high brightness levels. Additionally, the eight speakers produced robust sound. Android continues to offer fewer tablet-optimized apps than Apple's iPadOS, but by now many popular platforms and services are available for larger-format devices like this. OnePlus' updated Open Canvas multitasking system lets users drag and drop multiple apps into different zones and adjust how much space they each take up. The tablet automatically recommends entering split-screen mode if it detects you flicking between apps. OnePlus is also releasing updated accessories for the Pad 3, including a $200 keyboard with trackpad. The company's existing $100 stylus pen is also compatible with the new hardware. The $50 folio case is a highlight, with a versatile design that lets you position the tablet in several different orientations. Like the tablet, some of OnePlus' accessories are priced lower than Apple's equivalents: The iPad Air's keyboard is $269, though the Apple Pencil starts at $79. At $700, the Pad 3 is $150 more expensive than the company's previous tablet. OnePlus attributes the higher cost to the larger display and other hardware refinements, though it acknowledged 'current market conditions' factored into the price. Electronics makers continue to grapple with uncertainty around tariffs that the Trump administration has levied against most US trading partners and critical manufacturing hubs. OnePlus was co-founded by Carl Pei, who departed the company in 2020 and now leads another consumer tech brand called Nothing. (Updates with context about OnePlus' founder in the last paragraph.A previous version corrected the formal name of OnePlus in the first paragraph.) Cavs Owner Dan Gilbert Wants to Donate His Billions—and Walk Again YouTube Is Swallowing TV Whole, and It's Coming for the Sitcom Millions of Americans Are Obsessed With This Japanese Barbecue Sauce Is Elon Musk's Political Capital Spent? Trump Considers Deporting Migrants to Rwanda After the UK Decides Not To ©2025 Bloomberg L.P. Sign in to access your portfolio
