A sophisticated blend of propagation methods, clever narratives, and advanced evasion techniques has fueled the rise of the social engineering tactic known as ClickFix over the past year, according to new research from Guardio Labs. Security researcher Shaked Chen notes that this new strain has rapidly outpaced the infamous fake browser update scam. 'Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year,' Chen stated. 'It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure.' The result is a widespread wave of infections, ranging from mass drive-by attacks to highly targeted spear-phishing campaigns. First detected in early 2024, ClickFix deceives targets into compromising their own systems under the guise of fixing a fake problem or completing a CAPTCHA verification, leading to cross-platform infections on both Windows and macOS.
