If you are browsing a website when an alert pops up telling you to take immediate action, think twice before you click!
A new type of cyberattack, called “ClickFix,” has recently been identified. The name comes from the fact that these attacks aim to trick users into taking action – such as clicking – under the pretext of “fixing” a system issue. They appear as pop-ups or false alerts claiming the user needs to complete a CAPTCHA challenge, enter credentials, or copy and paste code in order to resolve the problem. However, the action actually downloads malware onto your computer.
ClickFix attacks often start off as malicious advertisements. While they are unable to harm the device directly in that form, once the user interacts with the ad, the malware is transferred onto the device. Because the user’s own actions compromise the device, these attacks can often bypass typical security systems.
What to do if you encounter a ClickFix attack:
Do not follow any prompts or instructions the pop-ups mention. If you are concerned that there might be a legitimate system issue, do not click on the pop-up, but contact ASIS directly.
If you find yourself directed to Windows Run or PowerShell and told to paste in code, never do so. While those two programs are legitimate, running the pasted code will activate the virus on your computer.
ClickFix attacks can also target phones. If you see a pop-up appear, perhaps claiming that you need to update an app or verify your identity, don’t click on it or follow any code-related instructions.
What to do if you think your device has been infected by a ClickFix attack:
1. Disconnect from the internet
2. Contact ASIS immediately