• Devious new ClickFix malware variant targets macOS, Android, and

    From TechnologyDaily@1337:1/100 to All on Friday, May 30, 2025 20:15:08
    Devious new ClickFix malware variant targets macOS, Android, and iOS using browser-based redirections

    Date:
    Fri, 30 May 2025 19:07:00 +0000

    Description:
    ClickFix is no longer confined to Windows software, and is particularly nasty on iOS and Android.

    FULL STORY ======================================================================

    Security researchers found ClickFix attacks evolving to target other operating systems
    On Android and iOS, the attack is particularly worrisome, as it transforms into a drive-by attack
    The malware is already being flagged by antivirus programs

    ClickFix, an infamous hacking technique that tricks people into running malware thinking they're fixing a problem on their computer, has evolved, experts have warned.

    New research from c/side has revealed what used to be a Windows-only attack method is now capable of targeting macOS, iOS and Android devices, as well.

    In a blog post analyzing the evolution, the researchers said the new attack starts with a compromised website. The threat actors would inject JavaScript code which redirected users to a new browser tab when they clicked on certain elements on the page. The new tab then displays a page that looks like a legitimate URL shortener, with a message to copy and paste a link into the browser - and doing so triggers yet another redirect, this time to a download page.

    Fetching the malicious payload

    Here is where the technique diverges, depending on the operating system of
    the victim.

    On macOS, the attack leads to a terminal command that fetches and executes a malicious shell script, already flagged by multiple antivirus programs.

    On Android and iOS, things are even worse, since the attack no longer
    requires any user interaction.

    "When we tested this on Android and iOS, we expected a ClickFix variant. But instead, we encountered a drive-by attack," the researchers explained.

    A drive-by attack is a type of cyberattack where malicious code is executed
    or downloaded onto a device simply by visiting a compromised or malicious webpage. No clicks, installs, or interaction required.

    In this case, the site downloads a .TAR archive file, holding malware. This one, too, was flagged by at least five antivirus programs already.

    "This is a fascinating and evolving attack that demonstrates how attackers are expanding their reach," c/side explained. "What started as a Windows-specific ClickFix campaign is now targeting macOS, Android, and iOS, significantly expanding the scale of the operation."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/devious-new-clickfix-malware-variant-targets-macos-android-and-ios-using-browser-based-redirections


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)