Security researchers from Huntress are warning the public about a new variant of ClickFix, one of the most popular scam methods right now. In this variant, you’re hit with a full-screen browser page that claims an important security update needs to be installed via Windows Update.
During the “installation” of this fake update, a hidden malicious command is copied to your clipboard. Then, you’re asked to press a specific combination of keyboard keys in this order: Windows key + R (which opens the Run window), Ctrl + V (which pastes the malicious command into the Run window), then Enter (which runs the malicious command).
If you follow the instructions as stated, the LummaC2 and Rhadamanthys malware gets installed on your system through a system of complex exploits. That malware can then be used to steal sensitive information.
It’s unclear at the time of writing how many users have been affected by the campaign, which began in early October.
This article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.
Author: Mikael Markander, Contributor, PCWorld
Mikael writes news across all our consumer tech categories. He has previously worked with Macworld, but today mainly writes for our sister sites PC för Alla and M3. Mikael has a firm grasp on which gadgets are released, and what is happening with the streaming services and the latest AI tools.
