Proofpoint warns about ClickFix: an attack method that uses harmless-looking PowerShell commands that hide malware.

In a blog, the security company Proofpoint warns of an increase Click “Fix.”. Proofpoint speaks of a unique social engineering technique in which victims are deceived with fake PowerShell commands. Attackers encourage the victim to run a script that installs malware while bypassing traditional security methods.

Error message

A typical ClickFix attack begins with an error message for commonly used software such as Microsoft Word or Google Chrome. The dialog box contains a button that the victim must click to resolve the issue.

A PowerShell command will then appear that will either automatically cut and paste into the application or prompt the victim to do so manually. The unsuspecting victim installs malware on their own device.

Proofpoint has seen increasing use of ClickFix technology since September. Both popular software and company-specific applications are abused. In most cases, ClickFix is ​​used by cybercriminals looking for ransom money, but Proofpoint suspects that government agencies in Ukraine have also been targeted. Clickfix campaigns spread various types of malware.

Human behavior

The rise of ClickFix highlights the shift toward manipulating human behavior as traditional attack vectors become less successful. This method bypasses security mechanisms because the victim installs the malware themselves. Proofpoint recommends companies train their employees to recognize and avoid social engineering techniques like ClickFix.