The scripts deploy malware on these devices, and the “payloads affect Windows and macOS devices,” according to Microsoft, which leads to “information theft and data exfiltration.” The malware, however, can be anything from a type of initial access for ransomware to an entry point for attacking a larger enterprise network.
Initially, ClickFix surfaced as a technical assistance pop-up before moving to Captchas. Fake challenges to use a website are now using a copy, paste, and run command instead of your standard ‘choosing the correct cars and bus’ challenge. The user is instructed to click prompts and copy, paste, and run commands “directly in the Windows Run dialog box, Windows Terminal, or Windows PowerShell,” Microsoft says, and it’s usually blended with “delivery vectors such as phishing, malvertising, and drive-by compromises, most of which even impersonate legitimate brands and organizations to reduce suspicion from their targets further.”
Users should be careful not to run these prompts. You may be lured in various ways that seem innocent, but never copy and paste and run a script in Windows. You can be safe this way. However, as it happens, due to the advancement of
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: