ClickFix Cybersecurity Advisory
The Big Picture: A fast-growing cybersecurity scam called “ClickFix” is tricking users into installing malware themselves, completely bypassing traditional antivirus software.
How it works
Unlike classic phishing attacks that steal your password via a fake login page, ClickFix relies on fake error messages embedded into compromised websites.
The Trap: You visit a website and a pop-up appears, often disguised as a routine “human verification” (CAPTCHA) or a browser error.
The Trick: Clicking the prompt automatically copies a hidden, malicious script to your computer’s clipboard.
The Payload: The site instructs you to open your computer’s terminal (like Windows PowerShell) and paste the code. Once pasted, the script steals your browser credentials, crypto wallets, and sensitive files.
Red flags to watch for
Urgent “Fix-It” pop-ups: Legitimate websites won’t claim your browser is broken and require an immediate patch to view content.
Copy-paste requests: Real software updates will never ask you to copy text and paste it into a system terminal or command line.
Keyboard shortcut prompts: Be highly suspicious if a site tells you to press shortcuts like Windows + R or open the Mac Terminal.
Complex CAPTCHAs: If proving you aren’t a robot involves anything more than a simple checkbox or image puzzle, close the tab.
Go deeper
For a technical breakdown of this threat, read the full Microsoft Security report on the latest ClickFix variants.