ClickFix has quickly become one of the most prominent cybercriminal intrusion vectors because it is less understood than phishing, which users have become progressively more wary about over time, and frequently successful.
“What makes this new social engineering technique effective is that it is simple enough for the victim to follow the instructions, believable enough to look like it might fix a made-up problem, and abuses the probability that victims won’t pay much attention to the exact commands they have been asked to paste and execute on their device,” Kropáč explained.
Kropáč added: “With its growing popularity, it is possible that Microsoft and Apple, but also the open-source community, will add some kind of security warning like the one used for macros in Word or Excel, or for files copied from the internet, notifying users that they are about to execute a potentially dangerous script.”
