In breve
Threat actor DriveSurge has compromised thousands of legitimate, high reputation websites and is silently redirecting visitors to malware payloads via two well known social engineering lures: ClickFix (fake verification pages that ask you...
Come funziona
Threat actor DriveSurge has compromised thousands of legitimate, high reputation websites and is silently redirecting visitors to malware payloads via two well known social engineering lures: ClickFix (fake verification pages that ask you...
Indicatori rossi
- A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command. A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu). A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer
Cosa fare
- 1Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal. Update browsers only via the app'
Fonte
bleepingcomputer
Fonte verificata da Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/FAQ
ClickFix and FakeUpdate attacks hijack thousands of legitimate sites to push malware e una truffa reale?
Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.
Quali sono i primi segnali?
A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command. A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu). A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer
Cosa devo fare subito?
Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal. Update browsers only via the app'
LegalAudit puo controllare il mio caso?
Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.