What the Malware Does
Once executed, the script asks for the system password, disables security features, and downloads AMOS, which is designed to:
- Harvest passwords
- Steal cryptocurrency wallet keys
- Extract browser autofill data
- Access saved cookies
Researchers believe the campaign originates from Russian-speaking actors, based on linguistic traces within the code and errors such as Linux users receiving Windows-specific commands.
A Growing Trend in Cybercrime
ClickFix represents a new wave of cyberattacks in which users become the delivery mechanism. It eliminates the need for complex exploits or software vulnerabilities, relying instead on human trust and habit.
In earlier campaigns, the same tactic was used to deliver PowerShell-based malware to Windows users. By November 2024, ClickFix had evolved further to target Google Meet users via phishing emails that mimicked internal corporate invites and redirected to spoofed Google Meet pages.
How to Protect Against ClickFix
To safeguard against threats like ClickFix, follow these essential tips: