Hackers target popular student site iClicker to spread malware via ClickFix attacks — how to stay safe
Digital classroom tool iClicker was compromised between April 12 and April 16th by a ClickFix attack, which uses a fake CAPTCHA to trick victims into installing malware. This particular hack attempted to fool students and instructors into pressing 'I'm not a robot' in order to verify themselves. However, instead of proving they were human, they actually copied a PowerShell script onto their Windows clipboard.
The convincing-looking CAPTCHA requests victims to open a Windows Run dialog (Win + R) and then use Ctrl + V to unknowingly paste the PowerShell script into it. The user then executes the malware by pressing Enter to 'verify' themselves. The PowerShell script varied depending on the type of visitor, so it was difficult to determine what type of malware was installed, though ClickFix attacks often install infostealers.
ClickFix attacks have recently become more common, and are social engineering attacks used in malware campaigns like the Cloudflare CAPTCHA attacks. They often spread infostealers onto victims' devices, which are designed to steal data like cookies, credentials, passwords, credit cards, and browsing history. An infosealer may also steal cryptocurrency wallets, private keys and text files that contain sensitive information. This data is returned to the attacker who either sells it on the dark web or uses this stolen info in future attacks.
The ClickFix attack is no longer running on iClicker's website, though the PowerShell payload can still be launched by running a command using Any.Run. iClicker is owned by Macmillan, who has yet to comment on the breach. It is used by instructors to take attendance and track student engagement, and used by students to ask live questions or to take surveys.
Colleges and universities across the United States use the software including the University of Michigan and the University of Florida; over 5,000 instructors and 7 million students are currently using this tool.
According to the iClicker security bulletin, the company recommends that any faculty member or student who may have clicked on a false CAPTCHA during the April 12-16th time period, should run a full scan using the best antivirus security software to make sure their devices remain protected.
Users who accessed iClicker while the site was compromised and followed the fraudulent CAPTCHA instructions should also change their iClicker password, and especially if the command was executed, change all the other passwords stored on their computer to unique and strong ones. You can always use one of the best password managers to help with this.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
It's worth keeping in mind that anyone who accessed iClicker using the mobile app or who did not encounter the fake CAPTCHA is not at risk. However, it's certainly still worth being aware of this scam and others like along with how to schedule scans with your antivirus software which should absolutely be kept up to date too.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
5 hours ago
- Tom's Guide
Microsoft offers a glimpse at the future of Xbox gaming alongside AMD and Windows
Microsoft has confirmed that a next-generation Xbox console is currently in development in partnership with chipmaker AMD. The announcement was made by Xbox president Sarah Bond in a short video posted to YouTube (and also on the Xbox account on X). In the video, Bon promised that Microsoft would deliver "an Xbox experience not locked to a single store or tied to one device." The short teaser provides a glimpse of the future of Xbox gaming beyond just consoles. As the company has promised in recent months, the goal is that "anything" can be an Xbox. To start, Bond stated that Microsoft and AMD are collaborating in a "strategic multi-year partnership" that involves the two companies developing a silicon for use "across a portfolio of devices — including our next-generation Xbox consoles in your living room and in your hands." The companies will also work on improving Xbox Cloud Gaming. Of course, the thrust of Xbox going forward is that the Xbox platform itself won't be tied to consoles like the Xbox Series X or the Xbox Series S. "This is all about building you a gaming platform that's always with you, so you can play the games you want across devices anywhere you want," Bond says in the video. "Delivering you an Xbox experience not locked to a single store or tied to one device." She added that the Xbox team will be working closely with the Windows team to make sure that "Windows is the number one platform for gaming." Get instant access to breaking news, the hottest reviews, great deals and helpful tips. This all comes a little more than week after the announcement of two Asus ROG Xbox Ally handheld devices that are supposed to launch later this year. Those handhelds are going to feature a custom full-screen Xbox experience including a streamlined version of Windows 11. The new Xbox experience will run on top of Windows but will also allow you to access other gaming stores like Steam or Epic. What we gather from Bond's announcement is that future consoles will have similar access to non-Xbox store fronts. It seems that Microsoft finally realized that Windows just wasn't working for the best handheld gaming consoles. of course though, the software giant still wants Windows to power these devices including those made by Microsoft and third-party manufacturers. For those worried about their game library, it sounds like Xbox will continue to offer backwards compatibility. The next consoles will be 'maintaining compatibility with your existing library of Xbox games," Bond says. The Xbox Asus handhelds likely won't run any Xbox games that don't already have PC ports, but the next generation of consoles should run older games.
Yahoo
6 hours ago
- Yahoo
Replace your Microsoft 365 subscription with a lifetime license instead
The following content is brought to you by Mashable partners. If you buy a product featured here, we may earn an affiliate commission or other compensation. TL;DR: Grab Microsoft Office 2021 at just $49.97 (reg. $219) and enjoy lifetime access to essential productivity tools. Lifetime license for Microsoft Office Professional 2021 — pay once and access it forever Includes must-have apps: Word, Excel, PowerPoint, Outlook, Access, Teams, and Publisher Compatible with Windows — ideal for professional and personal projects Streamline your workflow with trusted tools for creating documents, managing data, and organizing emails Instant download with a product key for quick and easy setup No recurring costs — a single payment secures access to essential Office apps Say goodbye to subscriptions — don't miss this deal and get a lifetime license to Microsoft Office Professional 2021 for Windows for $49.97. StackSocial prices subject to change. Opens in a new window Credit: Retail King Microsoft Office Professional 2021 for Windows: Lifetime License $49.97 $219.99 Save $170.02 Get Deal
Yahoo
8 hours ago
- Yahoo
Microsoft Teases Multiple Gaming Devices And Next-Gen Xbox As It Doubles Down On Windows
What is an Xbox? The answer to that has never been more confusing, but a new promo video from Microsoft teasing the future of its next-gen gaming hardware lineup gives an important clue: Windows. The company said it wants the OS to be the number one platform for gaming as it doubles down on a new multiplatform strategy that supports a variety of devices rather than being locked to a single console or storefront. 'I am thrilled to share we've established a strategic multi-year partnership with AMD to co-engineer silicon across a portfolio of devices including our next-generation Xbox consoles, in your living room and in your hands,' Xbox president Sarah Bond said in a new video touting the partnership. 'Together with AMD we're advancing the state of art in gaming silicon to deliver the next generation of graphics innovation to unlock a deeper level of visual quality and immersive gameplay and player experiences enhanced with the power of AI, all while maintaining compatibility with your existing library of Xbox games.' The announcement comes after Microsoft recently revealed the Xbox Ally handhelds, variants of Asus' next iteration of portable PC gaming devices that run a special version of Windows optimized to recreate the Xbox UI experience on the go. It's part of a 'Play Anywhere' promise that includes PC, existing Series X/S consoles, Game Pass on TVs, cloud gaming, and first-party exclusives ported to PlayStation 5 and Nintendo Switch. It all sounds like a promising pivot away from the company's shrinking console business, but it also raises lots of questions about what the future of Xbox will actually look like. A new generation of Xbox consoles is coming, but will they be traditional consoles or mini-PC devices running an evolving version of Windows? Bond stresses compatibility with existing players' current libraries of Xbox games, but most Xbox games haven't been ported to PC and would need specialty solutions to maintain access at the hardware level rather than just making them playable with cloud gaming like Sony does with the PS3 generation. Will it even have a disc drive? Increasingly, the vibe appears to be no. Bond also emphasizes that the future of Xbox isn't tied to a single store or device, once again opening the door to new hardware potentially supporting things like Steam, which has traditionally been a competitor to Windows gaming. Then there's the bit about working to 'ensure that Windows is the number one platform for gaming.' Unless that's simply a nod to the fact that most PCs people play games on also run Windows, it sounds like a hint that the foundation of Xbox's future will be Microsoft's current cash cow OS with an Xbox layer overtop, rather than a bespoke platform built from the ground up for gaming as Xbox has previously been. The Verge's Tom Warren suggested as much in his breakdown of the Xbox Ally last week. 'Everything, everywhere, whenever you want' is a compelling marketing pitch that could easily become bedeviled by the details. As it stands, no single company controls as many pieces of the puzzle as Microsoft—software, hardware, and a massive publishing apparatus—but that doesn't mean they will magically all start fitting together in a way that makes sense or doesn't require tons of extra investment. And the other truth about Xbox at the moment is it seems burdened more than ever by they need to justify its P&L to the larger company, which is otherwise all but obsessed with cloud computing and AI. . For the latest news, Facebook, Twitter and Instagram.
