Fresh ClickFix attacks use Windows Update trick-pics to steal credentials


A fresh wave of ClickFix attacks is using fake Windows update screens to trick victims into downloading infostealer malware.

ClickFix is a type of social engineering technique that tricks users into running malicious commands on their own machines, typically using fake fixes or I-am-not-a-robot prompts. These types of attacks have surged over the past year, with both government-sponsored spies and cybercriminal gangs deploying this technique to deliver malware.

According to Microsoft, ClickFix is now the most common initial access method for attackers.

Recent ClickFix attacks are moving away from the robot-check lures and instead using "highly convincing" phony Windows update screens, according to Huntress security analysts Ben Folland and Anna Pham.

In another new twist, the malware slingers use a steganographic loader to deliver infostealing malware, including Rhadamanthys, by encoding malicious code directly into the pixel data of PNG images and then using specific color channels to reconstruct and decrypt ...


Copyright of this story solely belongs to theregister.co.uk.