Do not open this website.

Updated on Nov. 27 with further Windows update warnings issued for users.

This is wild and new. Attackers have worked out that malicious emails pushing links to adult sites will solicit plenty of clicks. Unfortunately, those clicks trigger a fake update that installs dangerous malware on your device. As tempting as it may be — do not click.

The team at Acronis warns that the “novel ‘JackFix’ attacks” combine “screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of ‘Critical Windows Security Updates’ to trick victims into executing malicious commands.”

We have seen plenty of seemingly innocuous lures to drive ClickFix attacks, most being fake captchas and technical support pop-ups. But this new campaign “leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism.”

Fake porn website. (Image: Acronis)

Acronis says “the adult theme, and possible connection to shady websites, add to a victim’s psychological pressure, making victims more likely to comply with sudden ‘security update’ installation instructions.”

The attack itself hijacks a PC’s entire screen, “displaying an authentic looking Windows Update screen — complete with the appropriate animations, a counting-up percentage of progress and the appearance of going full screen.”

Fake Windows update screen. (Image: Acronis)

The attack is executed entirely within the PC’s browser, and Acronis says the resulting screen hijacking “is something we haven’t seen done before this campaign, but the principle is well proven and goes back over 15 years.” The adult content is the new twist on a theme, enticing users to click before “the trap is sprung.”

Psychologically, the lure is designed to catch you when you’re on edge, clicking something you know you probably shouldn’t. And so when an urgent security update screen opens, you’re more likely to be tricked into engaging.

Staying safe is easy. Don’t access adult sites from links in emails or messages or pop-ups. As with any other website, access it directly using the usual means.

It’s not only fake porn sites trying to trick Windows users into clicking where and when they shouldn’t. A new warning posted on X describes a campaign in which an “infostealer is being delivered by an in-browser fake Windows Update, abusing the Fullscreen API (on-click), and using ClickFix-style lures to trick users.”

And separately, the team at Huntress has flagged a “multi-stage malware execution chain, originating from a ClickFix lure, that leads to the delivery of infostealing malware, including LummaC2 and Rhadamanthys.”

In this other instance, it’s steganography — concealing malicious code in images — rather than more illicit lures that has been deployed. “The malicious code is encoded directly within the pixel data of PNG images, relying on specific colour channels to reconstruct and decrypt the payload in memory.”
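One way a defender can triage images for this kind of abuse is the standard chi-square “pairs of values” test on each colour channel’s least-significant bits: an encrypted payload written into the LSB plane makes the counts of each value pair (2k, 2k+1) nearly equal, while natural image content leaves them uneven. The example below is added here and is not code from Acronis, Huntress or the campaign; it assumes the simplest LSB-replacement encoding (the Huntress quote does not describe the real scheme, so treat this as a generic check) and works on already-decoded (R, G, B) pixel tuples so it runs without an image library. Both images are constructed in the block: a “clean” gradient with a deliberately uneven LSB split, and the same image with only the green channel’s LSB plane overwritten by a hash-chain stand-in for an encrypted payload.

```python
"""Chi-square LSB analysis: flag colour channels whose least-significant bits
look like embedded data rather than natural image content.

Constructed example, not code from the vendors or the campaign in the article.
It takes decoded (R, G, B) tuples; with Pillow you would pass
list(Image.open(path).convert("RGB").getdata()).
"""
import hashlib
from typing import Dict, List, Sequence, Tuple

Pixel = Tuple[int, int, int]


def chi_square_lsb(samples: Sequence[int]) -> Tuple[float, int]:
    """Pairs-of-values test on one 8-bit channel.

    If the LSB plane holds uniform (e.g. encrypted) payload bits, the counts
    of 2k and 2k+1 are close to equal and the statistic lands near the degrees
    of freedom (ratio about 1). Natural content keeps the split uneven, giving
    a much larger statistic. Returns (chi_square, degrees_of_freedom).
    """
    counts = [0] * 256
    for v in samples:
        counts[v] += 1
    chi, used_pairs = 0.0, 0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        total = even + odd
        if total == 0:
            continue  # value pair absent from the image, contributes nothing
        expected = total / 2.0
        chi += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        used_pairs += 1
    dof = max(used_pairs - 1, 1)
    return chi, dof


def analyze_channels(pixels: Sequence[Pixel], threshold: float = 2.0) -> Dict[str, Dict[str, float]]:
    """Run the test per channel; a chi/dof ratio below `threshold` is flagged."""
    report = {}
    for idx, name in enumerate("RGB"):
        chi, dof = chi_square_lsb([p[idx] for p in pixels])
        ratio = chi / dof
        report[name] = {"chi_per_dof": ratio, "suspicious": ratio < threshold}
    return report


# --- constructed fixtures (hypothetical images, built inline) ---------------
WIDTH = HEIGHT = 64


def clean_image() -> List[Pixel]:
    """Diagonal gradient per channel with an uneven LSB (set in 1 of 4 pixels),
    standing in for a photo whose LSB plane is not balanced."""
    pixels = []
    for y in range(HEIGHT):
        for x in range(WIDTH):
            px = []
            for phase in (0, 21, 42):  # shift the gradient per channel
                base = 4 * ((x + y + phase) % 64)
                lsb = 1 if (x + phase) % 8 < 2 else 0
                px.append(base + lsb)
            pixels.append((px[0], px[1], px[2]))
    return pixels


def payload_bits(n: int) -> List[int]:
    """Stand-in for an encrypted payload: a SHA-256 hash chain, whose bits are
    indistinguishable from uniform for this test."""
    bits: List[int] = []
    seed = b"constructed-sample-payload"
    while len(bits) < n:
        seed = hashlib.sha256(seed).digest()
        for byte in seed:
            bits.extend((byte >> i) & 1 for i in range(7, -1, -1))
    return bits[:n]


def stego_image() -> List[Pixel]:
    """The clean image with only the green channel's LSB plane overwritten,
    mirroring the 'specific colour channels' pattern quoted above."""
    pixels = clean_image()
    bits = payload_bits(len(pixels))
    return [(r, (g & 0xFE) | bit, b) for (r, g, b), bit in zip(pixels, bits)]


if __name__ == "__main__":
    for label, img in (("clean", clean_image()), ("stego", stego_image())):
        print(label, analyze_channels(img))
```

On the clean fixture every channel reports a ratio around 16; on the stego fixture red and blue stay there while green drops to roughly 1 and is flagged. Real photographs are noisier than a synthetic gradient, so in practice the threshold is tuned on known-clean samples and the test is used to prioritise images for sandbox analysis rather than as a verdict on its own.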

As ever with ClickFix, the campaigns are designed to trick a user into attacking their own devices. Never copy and paste or run code when prompted to do so by an attachment, a link or a pop-up.