If You See These Messages On Your PC, You’re Being Hacked

There’s a new attack “taking the threat landscape by storm,” and it should have all PC users worried. “While virtually nonexistent a year ago,” this attack has surged to such an extent in recent months that it’s now second only to phishing on the danger list.

We’re talking so-called ClickFix attacks, in which you are tricked into hacking your own PC when you follow on-screen instructions to fix a technical issue, open a secure file or website, or prove your human through a popup CAPTCHA challenge.

ForbesPorn Ban Warning For Millions Of iPhone And Android UsersBy Zak Doffman

The latest warning comes from ESET, which says in its new Threat Report that these attacks have now “skyrocketed.” That should maybe be no surprise, given the multiple warnings that have been issued in recent months.

But what should come as more of a surprise is that these attacks are still claiming countless victims, despite being so easy to detect and avoid — in theory at least.

ESET warns “payloads at the end of ClickFix attacks vary widely – from infostealers to ransomware and even to nation-state malware – making this a versatile and formidable threat.” It targets different operating systems, but this is really a Windows PC threat.

ClickFix always works by asking users to copy and paste text into a Run window, thus executing a script. That script can itself be dangerous, but more likely seems benign and actually downloads and runs the malicious script out of sight of the user.

“By the end of 2024,” ESET says, “attacks using the same social engineering technique flooded the web. Threat actors have been creating fake websites mimicking popular services – such as Booking.com or Google Meet – compromising legitimate websites with fake browser update prompts, fake Cloudflare verifications or reCAPTCHA checks, and distributing links leading to ClickFix pages via email campaigns.”

The ClickFix attack is just a shop window for multiple threats that will be installed on your device if you fall for that initial lure. “The list includes popular infostealers such as Lumma Stealer, VidarStealer, StealC, and Danabot; remote access trojans such as VenomRAT, AsyncRAT, and NetSupport RAT; remote monitoring and management tools such as MeshAgent; post-exploitation frameworks such as Havoc and Cobalt Strike; and cryptominers, loaders, clipboard hijackers, and much more.”

If you’re not worried yet, then you should be. These attacks are varying rapidly. Hackers are seeking out new lures and testing what works best. The capability is also being farmed out to multiple groups with different malware to deploy. Recent attacks have even “attempted to deploy Interlock (formerly Rhysida) ransomware.”

ForbesMicrosoft’s Password Change Is Just Days Away—Act NowBy Zak Doffman

If you ever see a message — however worded — asking you to press the Windows Key + “R” and then “Ctrl+V” to paste and then “Enter,” then your PC is being hacked. Period.

Do none of those things. Escape or force exit the program. And then reboot your PC. If you think you have fallen into a ClickFix trap, run an antivirus scan on your PC and change all key account passwords. You should also check your financial accounts.