Skip to main content

ClickFix May Be the Biggest Security Threat Your Family Has Never Heard Of

1 hour 16 minutes ago
An anonymous reader quotes a report from Ars Technica: ClickFix often starts with an email sent from a hotel that the target has a pending registration with and references the correct registration information. In other cases, ClickFix attacks begin with a WhatsApp message. In still other cases, the user receives the URL at the top of Google results for a search query. Once the mark accesses the malicious site referenced, it presents a CAPTCHA challenge or other pretext requiring user confirmation. The user receives an instruction to copy a string of text, open a terminal window, paste it in, and press Enter. Once entered, the string of text causes the PC or Mac to surreptitiously visit a scammer-controlled server and download malware. Then, the machine automatically installs it -- all with no indication to the target. With that, users are infected, usually with credential-stealing malware. Security firms say ClickFix campaigns have run rampant. The lack of awareness of the technique, combined with the links also coming from known addresses or in search results, and the ability to bypass some endpoint protections are all factors driving the growth. The commands, which are often base-64 encoded to make them unreadable to humans, are often copied inside the browser sandbox, a part of most browsers that accesses the Internet in an isolated environment designed to protect devices from malware or harmful scripts. Many security tools are unable to observe and flag these actions as potentially malicious. The attacks can also be effective given the lack of awareness. Many people have learned over the years to be suspicious of links in emails or messengers. In many users' minds, the precaution doesn't extend to sites that instruct them to copy a piece of text and paste it into an unfamiliar window. When the instructions come in emails from a known hotel or at the top of Google results, targets can be further caught off guard. With many families gathering in the coming weeks for various holiday dinners, ClickFix scams are worth mentioning to those family members who ask for security advice. Microsoft Defender and other endpoint protection programs offer some defenses against these attacks, but they can, in some cases, be bypassed. That means that, for now, awareness is the best countermeasure. Researchers from CrowdStrike described in a report a campaign designed to infect Macs with a Mach-O executive. "Promoting false malicious websites encourages more site traffic, which will lead to more potential victims," wrote the researchers. "The one-line installation command enables eCrime actors to directly install the Mach-O executable onto the victim's machine while bypassing Gatekeeper checks." Push Security, meanwhile, reported a ClickFix campaign that uses a device-adaptive page that serves different malicious payloads depending on whether the visitor is on Windows or macOS.

Read more of this story at Slashdot.

BeauHD

Visual Studio 2026 Released

1 hour 46 minutes ago
Dave Knott writes: Microsoft has released Visual Studio 2026, the first major version of their flagship compiler in almost four years. Release notes are available here. The compiler has also been updated, including improved (but not yet 100%) C++23 core language and standard library implementations.

Read more of this story at Slashdot.

BeauHD

PS5 Has Now Officially Outsold Every Xbox Console Ever Released

2 hours 16 minutes ago
Sony reported that PlayStation 5 sales have reached 84.2 million units, officially surpassing every Xbox console ever released. IGN reports: The PlayStation 5 is now up to 84.2 million copies sold after shifting an additional 3.9 million units during the three-month period ending September 30, Sony has announced. That's a slight increase on the 3.8 million PS5 units Sony sold during the same quarter last year, but it's an impressive result given the price of the console has actually gone up over the course of this generation, rather than come down. [...] As an aside, unlike Sony, Microsoft does not make Xbox Series X and S sales figures public, but analysts have suggested the combined Xbox Series effort is being outsold by the PS5 by at least a factor of 2:1. The more appropriate comparison for the PS5 then, is with its predecessor, the PlayStation 4. Five years into the current console generation, the PS5 is slightly behind the PS4 (the PS4 sold-in to retailers more than 86.1 million units after five years on sale). But Sony has said this console generation is its most financially successful ever, with sales surpassing those made during the reign of all previous Sony consoles.

Read more of this story at Slashdot.

BeauHD