New ClickFix scam tricks users into installing malware, cybersecurity expert warns

New ClickFix scam tricks users into installing malware, cybersecurity expert warns

New ClickFix scam tricks users into installing malware, cybersecurity expert warns

https://katv.com/community/little-rock-arc/new-clickfix-scam-tricks-users-into-installing-malware-cybersecurity-expert-warns-human-verification-security-protections-passwords-credentials-remote-access-sullivan-wright-technologies

Publish Date: 2026-07-07 18:38:00

Source Domain: katv.com

A resurfacing scam known as “ClickFix” is tricking people into installing malware on their own devices by posing as a “prove you’re human” verification step, according to cybersecurity expert Chris Wright of Sullivan Wright Technologies.

Wright said the scam has been around for a while but has “reared its head again with a new theme,” using prompts that look like familiar human-verification tests. The key difference, he said, is that ClickFix instructs users to copy and paste code onto their own computer and run it, which can bypass typical security protections.

“It’s asking you to actually copy code into your own computer, so it’s kind of bypassing all of your protective mechanisms and saying go ahead and paste this sight unseen code and run it for me,” Wright said.

Wright said that once a victim runs the code, it can give an attacker a foothold on the device. That access can be used to steal sensitive information such as “passwords and credentials,” he said, or to install a remote access tool that allows the attacker to return repeatedly.

He said cybercriminals are increasingly targeting everyday people rather than only large institutions.

“There’s so many of these folks who, they’re, you know, they don’t need a whole lot, so they’re going to come after the little folks like us,” Wright said. “If they can get a little bit of money, if they can hit your small bank account, or you know, get something out of your email, then that’s good enough for them.”

To protect against ClickFix-style attacks, Wright said people should be wary of any “prove you’re human” prompt that instructs them to open system tools and paste in commands.

“It’s asking you to hit Windows key in R or on a Mac to hit command space and then type terminal and then paste some stuff in there,” Wright said. “Know that that is bad, because the tactic is going to be the same for all of these.”

Wright said the scam can be…

Source