TLDR
Threat actor DriveSurge has compromised thousands of legitimate, high-reputation websites and is silently redirecting visitors to malware payloads via two well-known social engineering lures: ClickFix (fake verification pages that ask you...
How it works
Threat actor DriveSurge has compromised thousands of legitimate, high-reputation websites and is silently redirecting visitors to malware payloads via two well-known social engineering lures: ClickFix (fake verification pages that ask you...
Warning signs
- A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command.
- A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu).
- A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer.
What to do
- Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal.
- Update browsers only via the app'
Source
bleepingcomputer
Source verified by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/
FAQ
Is "ClickFix and FakeUpdate attacks hijack thousands of legitimate sites to push malware" a real scam?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first signs?
A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command. A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu). A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer
What should I do first?
Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal. Update browsers only via the app'
Can LegalAudit review my case?
Yes. Open the free chat and paste the message, link, sender, or payment details for triage.