- Security researchers have found ClickFix attacks evolving to target other operating systems
- On Android and iOS, the attack is particularly disturbing, because it turns into a drive-by attack
- The malware is already flagged by antivirus programs
ClickFix, an infamous hacking technique that gets people to run malicious software in the belief that they are fixing a problem on their computer, has evolved, experts have warned.
New research from c/side has revealed that what was once a Windows-only attack method can now also target macOS, iOS and Android devices.
In a blog article analyzing the evolution, the researchers said that the new attack begins with a compromised website. The threat actors inject JavaScript code that redirects users to a new browser tab when they click on certain elements of the page. The new tab then displays a page that looks like a legitimate URL shortener, with a message to copy and paste a link into the browser, which triggers another redirect, this time to a download page.
Retrieving the malicious payload
This is where the technique diverges, depending on the victim's operating system.
On macOS, the attack leads to a terminal command that fetches and executes a malicious shell script, already flagged by several antivirus programs.
On Android and iOS, things are even worse, because the attack no longer requires user interaction.
“When we tested this on Android and iOS, we expected a ClickFix variant. But instead, we met a drive-by attack,” said the researchers.
“A drive-by attack is a type of cyber attack where the malicious code is executed or downloaded on a device simply by visiting a compromised or malicious web page. No clicks, installations or interaction required.”
In this case, the site downloads a .TAR archive file containing malware. This has also been flagged by at least five antivirus programs already.
“This is a fascinating and scalable attack that shows how attackers expand their scope,” said c/side. “What started as a specific ClickFix campaign for Windows now targets macOS, Android and iOS, considerably widening the scale of the operation.”