Watch out for this new malware trick that looks like Cloudflare and hijacks your clipboard in seconds
- ClickFix uses fake CAPTCHA screens to trick users into launching malware through simple keyboard commands
- The phishing page mimics Cloudflare perfectly, down to Ray IDs and security indicators
- Clicking “Check if you’re human” starts a process that silently infects your machine with malware
An advanced but deceptively simple phishing technique is currently circulating, using fake Cloudflare CAPTCHA pages to infect users with malware.
New research by SlashNext claims that the technique, known as ClickFix, preys on familiar internet behavior, tricking users into running commands that install malicious software.
ClickFix works by presenting a fake version of Cloudflare’s Turnstile CAPTCHA page. Everything, from the visual layout to technical elements such as the Ray ID identifier, has been convincingly replicated.
Relies on a prompt that users usually do not look at closely
The phishing site can be hosted on a domain that closely resembles a legitimate one, or on a real website that has been compromised.
When users land on the page, they are asked to check a box labeled “Check if you are human.” This step seems routine and does not raise suspicion, but what follows is the core of the scam: users are led through a series of instructions to press Win+R, then Ctrl+V, and finally Enter.
These steps seem harmless, but they run a PowerShell command that has already been silently copied to the user’s clipboard.
Once executed, the command can fetch malware such as Stealc, Lumma, or even remote access trojans such as NetSupport Manager.
“ClickFix is a social engineering attack that misleads users into carrying out malicious commands on their own devices – all under the guise of a routine security control,” said security researcher Daniel Kelley.
What makes ClickFix particularly insidious is how it turns standard security expectations into weapons. The padlock icon, the familiar CAPTCHA format, and a legitimate-looking URL all serve to lull users into compliance.
This exploits what researchers call “verification fatigue”, a user’s tendency to click through security prompts without proper scrutiny.
The trick does not depend on exploiting software vulnerabilities, but on abusing trust and habitual behavior.
The phishing page is delivered as a single HTML file, but contains embedded scripts and obfuscated code designed to perform clipboard injection.
Because it uses legitimate Windows tools and downloads no executable files, it can evade many traditional detection tools.
Standard defenses, such as antivirus software or endpoint protection, usually focus on catching suspicious downloads or binaries. But in this case, users are tricked into launching the threat themselves.
This underlines the need for advanced malware protection with zero-hour defense, able to detect clipboard injections and fake CAPTCHA screens in real time.
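The page pattern described above (a clipboard write paired with on-page Win+R, Ctrl+V, Enter instructions behind a CAPTCHA-style prompt) can be triaged statically from a saved HTML file. The JavaScript below is an added example, not code from SlashNext or the original article; the regexes, verdict labels and sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage of a saved HTML page for the ClickFix pattern.
// Regexes, verdict names and sample pages are constructed for illustration.
const CLIPBOARD_WRITE =
  /navigator\s*\.\s*clipboard\s*\.\s*writeText\s*\(|execCommand\s*\(\s*["']copy["']/i;
const OBFUSCATION = /\batob\s*\(|\beval\s*\(|String\.fromCharCode\s*\(/;
// Drop scripts and tags, decode numeric entities, so "Win<b>&#43;</b>R" reads "Win + R".
function visibleText(html) {
  return html
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)))
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\s+/g, " ");
}

function triageClickFix(html) {
  const text = visibleText(html);
  const signals = {
    clipboardWrite: CLIPBOARD_WRITE.test(html),
    obfuscationHint: OBFUSCATION.test(html),
    runDialog: /\bwin(dows)?(\s*key)?\s*\+\s*r\b/i.test(text),
    paste: /\bctrl\s*\+\s*v\b/i.test(text),
    enter: /\benter\b/i.test(text),
    captchaLure: /\bhuman\b/i.test(text) || /\bray\s*id\b/i.test(text),
  };
  const keySteps = signals.runDialog && signals.paste && signals.enter;
  // A copy button alone is normal; the lure is a clipboard write paired with
  // on-page Win+R / Ctrl+V / Enter instructions.
  let verdict = "clean";
  if (keySteps && signals.clipboardWrite) verdict = "likely-clickfix";
  else if (keySteps && (signals.captchaLure || signals.obfuscationHint)) verdict = "suspicious";
  return { signals, verdict };
}

// Constructed samples; the clipboard strings are inert placeholders.
const LURE = `<html><body><div>Check if you are human</div><p>Ray ID: 0000000000000000</p>
<ol><li>Press Win<b>&#43;</b>R</li><li>Press Ctrl+V</li><li>Press Enter</li></ol>
<script>document.querySelector("div").onclick = () =>
  navigator.clipboard.writeText("echo constructed-placeholder");</script></body></html>`;
const DOCS = `<html><body><h1>Install</h1><pre id="c">npm install example</pre>
<button onclick="navigator.clipboard.writeText(document.getElementById('c').innerText)">Copy</button>
<p>Paste into your terminal and press Enter.</p></body></html>`;
const HIDDEN = `<html><body><label>Check if you are human</label>
<p>Press Windows key + R, then Ctrl + V, then Enter.</p>
<script>eval(atob("PLACEHOLDER"));</script></body></html>`;
for (const [name, page] of Object.entries({ LURE, DOCS, HIDDEN })) {
  console.log(name, triageClickFix(page).verdict);
}
```

Static matching cannot see a clipboard call hidden behind obfuscated script, so the keystroke instructions combined with a CAPTCHA lure or an obfuscation hint still produce a "suspicious" verdict for manual review.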