Davey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
across its products and services. One example is the latest social engineering tactic reported by the Sekoia threat detection and research team: bypassing web browser protections such asby tricking victims into opening fake Google Meet conference pages that install infostealer malware. The scam, named as ClickFix, is currently targeting cryptocurrency assets and decentralized finance users.
Rather than deploy the malware distribution execution by way of visiting a web page from your browser, the ClickFix campaign, the researchers said, relies upon getting the victim to download and run malware directly. No browser download, no manual file execution, just good old-fashioned trickery to bypass those pesky browser security protections.
The ClickFix campaign, not to be confused with legitimate companies and applications of the same name, which is unfortunately confusing, has been running since September 2024. It has already, the analysts said, been adopted to “widely distribute malware.” It operates with a decoy that, it is warned, “could be particularly devastating in campaigns targeting organizations that use Google Workspace, especially Google Meet.
relies upon being able to tamper with an application, without it being visually obvious to the user, so as to download malware. The use of ClickFix in multiple malware distribution campaigns across recent weeks is, the Sekoia report said, “in line with the growing, ongoing trend of distributing malware through the drive-by download technique.” This is, above all else, employed so as to evade security scanning protections and browser security features, the researchers suggested.
Using phrases such as “press the key combination” or “CTRL+V” pop-up error messages, yes, such tactics are still used, and apparently, they are still thriving. The attackers were often found to be suggesting issues concerning the microphone. This type of scam can be fallen for because the errors that pop up are on faked Google Meet pages with plausible domain names leveraging a meet.google structure. Clicking on the “Try Fix” button would then result in the malware download being initiated.
Google Chrome Google Chrome Security Google Meet Clickfix Hackers Clickfix Attack Sekoia Report Hackers Bypass Google Security
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Don’t trust that Google sign-in — how hackers are swiping passwords in ChromeHackers are using a new method to steal your Google password, and it happens from the official sign-in page.
Read more »
New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 MinutesDavey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Google Issues New Chrome Warning—Update Deadline Is TodayZak Doffman has covered security, surveillance and privacy on Forbes since 2018. His focus includes the latest updates from the world’s largest tech companies, staying safe on smartphones and social media, and the dangers of AI.
Read more »
New Google Chrome 129 Security Alert For All Users—Update NowDavey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Google Confirms New Quantum Encryption For Chrome Is Coming Nov. 6Davey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Google Chrome may start resurfacing tabs from your other devicesGoogle is improving the way its cross-platform tab syncing works to make the handoff between devices even more seamless.
Read more »