![\"Woman](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/07\/1751584089_665_960x0.jpg\")
<\/p>\n<\/p>\n
Do not become a ClickFix victim.<\/p>\n
getty<\/p>\n
Republished on July 3 with reports into a new attack with a different twist.<\/p>\n
There\u2019s a new attack \u201ctaking the threat landscape by storm,\u201d and it should have all PC users worried. \u201cWhile virtually nonexistent a year ago,\u201d this attack has surged to such an extent in recent months that it\u2019s now second only to phishing<\/a> on the danger list.<\/p>\n We\u2019re talking so-called ClickFix attacks<\/a>, in which you are tricked into hacking your own PC when you follow on-screen instructions to fix a technical issue, open a secure file or website, or prove your human through a popup CAPTCHA challenge.<\/p>\n ForbesPorn Ban Warning For Millions Of iPhone And Android UsersBy Zak Doffman<\/a><\/p>\n The latest warning comes from ESET<\/a>, which says in its new Threat Report<\/a> that these attacks have now \u201cskyrocketed.\u201d That should maybe be no surprise, given the multiple warnings<\/a> that have been issued in recent months.<\/p>\n But what should come as more of a surprise is that these attacks are still claiming countless victims, despite being so easy to detect and avoid \u2014 in theory at least.<\/p>\n ClickFix attack<\/p>\n Proofpoint<\/p>\n ESET warns \u201cpayloads at the end of ClickFix attacks vary widely \u2013 from infostealers to ransomware and even to nation-state malware \u2013 making this a versatile and formidable threat.\u201d It targets different operating systems, but this is really a Windows PC threat.<\/p>\n ClickFix always works by asking users to copy and paste text into a Run window, thus executing a script. That script can itself be dangerous, but more likely seems benign and actually downloads and runs the malicious script out of sight of the user.<\/p>\n 2025 Threat Report<\/p>\n ESET<\/p>\n \u201cBy the end of 2024,\u201d ESET says, \u201cattacks using the same social engineering technique flooded the web. Threat actors have been creating fake websites mimicking popular services \u2013 such as Booking.com or Google Meet \u2013 compromising legitimate websites with fake browser update prompts, fake Cloudflare verifications or reCAPTCHA checks, and distributing links leading to ClickFix pages via email campaigns.\u201d<\/p>\n ClickFix attack.<\/p>\n McAfee<\/p>\n The ClickFix attack is just a shop window for multiple threats that will be installed on your device if you fall for that initial lure. \u201cThe list includes popular infostealers such as Lumma Stealer, VidarStealer, StealC, and Danabot; remote access trojans such as VenomRAT, AsyncRAT, and NetSupport RAT; remote monitoring and management tools such as MeshAgent; post-exploitation frameworks such as Havoc and Cobalt Strike; and cryptominers, loaders, clipboard hijackers, and much more.\u201d<\/p>\n If you\u2019re not worried yet, then you should be. These attacks are varying rapidly. Hackers are seeking out new lures and testing what works best. The capability is also being farmed out to multiple groups with different malware to deploy. Recent attacks have even “attempted to deploy Interlock (formerly Rhysida) ransomware.\u201d<\/p>\n ForbesMicrosoft\u2019s Password Change Is Just Days Away\u2014Act NowBy Zak Doffman<\/a><\/p>\n If you ever see a message \u2014 however worded<\/a> \u2014 asking you to press the Windows Key + \u201cR\u201d and then \u201cCtrl+V\u201d to paste and then \u201cEnter,” then your PC is being hacked. Period.<\/p>\n Do none of those things. Escape or force exit the program. And then reboot your PC. If you think you have fallen into a ClickFix trap, run an antivirus scan on your PC and change all key account passwords. You should also check your financial accounts.<\/p>\n While ClickFix is synonymous with Windows, there\u2019s now a timely reminder that Mac users are also vulnerable to these tactics \u2014 being tricked into running a script on your device that seems to do one thing, when it\u2019s actually hacking you in the background.<\/p>\n