4 days ago
This Dangerous Email Tricks You Into Hacking Your Own PC
Do not be tricked into hacking your own PC.
getty
Take a walk through any major tourist city in the world, and eventually you will see them. On a bridge or promenade or in a park. Someone sitting with three plastic cups and a bunch of onlookers, watching as someone is scammed.
Everyone knows it's a scam. It doesn't matter that you've watched as the marble is placed under a cup, keeping an eagle eye on it as the three cups are swapped around. The marble has moved and you cannot win. You know you should know better.
So it is with the so-called ClickFix lures currently hacking PCs around the world. The leading example of the new wave of 'scam yourself' attacks, you know you should know better. But the cleverness of the hook, the trickery of the scammer still works.
As McAfee explains, ClickFix attacks 'begin with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal.' In reality, this 'sophisticated form of social engineering, leveraging the appearance of authenticity' just 'manipulates users into executing malicious scripts.'
The email lure.
Cofense
A new warning from Cofense has just outed one of the most devious lures I've seen recently. It's a nasty attack that plays on the human emotions and fears of the victim being scammed, so much so that they don't see the attack coming. But they should.
The dangerous email lure is sent to businesses in the travel industry, purporting to be from market giant warning that a customer has made a serious complaint and giving the recipient a time-boxed opportunity to respond using the link provided.
This click launches ClickFix
Cofense
'While the exact email structure varies from sample to sample,' Cofense says, 'these campaigns generally provide emails with embedded links to a ClickFix fake CAPTCHA site which is used to deliver a malicious script that runs RATs and/or information stealers.'
The campaign 'preys on the recipient's fear of leaving a guest dissatisfied' and might 'claim that a guest was trying to contact the hotel but was unable to get a response.' Cofense provides one such example, which is 'particularly notable for mentioning potential reputational damage and giving a strict 24-hour deadline for compliance.'
ClickFix attack.
Cofense
Not all these attacks are negative, some suggest requests or questions from future (imaginary) guests, while also providing a link for the hotel operator to respond. 'The emails used in these campaigns will sometimes state that the embedded link only works on Windows computers,' simply because this malware only infects Windows PCs.
But despite the lure, the attack is the same as all the others. In this case it's a CAPTCHA 'Robot or Human?" challenge, which instructs the user to open a Windows prompt and paste in the text on the PC's clipboard, and then press Enter. Absent a few wording changes, there is no variation in this part of the attack. It's the most blatant tell.
Cofense says some of the latest attacks used Cloudflare CAPTCHAs while others used brand instead. The instructions, though, are all the same. Once you know about ClickFix, in theory at least you can't be fooled. But the cybercriminals will try nonetheless, and the attacks are flying, so it's working.
Don't be fooled. Never paste in copied text and hit Enter in this way. Whether it's a CAPTCHA, a secure website or document restriction, or a technical fault, it's always an attack. And the hacker is always you.
