Security Month: Warning About a New Type of Cyberattack


The attack method involves tricking you into copying malicious content and pasting it back, which can harm your computer, your data, and OsloMet.

A new and cunning method aims to make you activate malware yourself.

“The attack method, which is called ClickFix, is a method where the attacker aims at tricking you into executing commands on your own computer. The perpetrators of the cyberattack make you ‘fix’ something via clicking and pasting,” explains Gustav Birkeland, Chief Information Security Officer (CISO) at OsloMet.

Robot verifications and error messages

According to Microsoft, such attacks are being observed more and more frequently. The attacks are often disguised as, for example, "I am not a robot" verifications (CAPTCHAs) or fake error messages that appear authentic.

“This makes it challenging even for modern security tools to block the attack because it is your clicks and actions that activate the malicious code. We have observed such attacks in which OsloMet users were deceived. So far, these have been stopped by security measures implemented by the Department of ICT,” says Birkeland.

Here are examples of what organizations may face:

  • Passwords and login credentials are stolen.

  • PCs are used to spread cyberattacks further within the organization’s systems and to its partners.

  • Attackers send emails to entire contact lists from employees’ accounts.

  • Files and data are deleted, locked, or misused for purposes such as identity theft.

  • Organizations lose access to critical systems.

What should you be particularly cautious about?

  • Messages or websites claiming you need to "fix something now" with a single click or verification.

  • PC support or repair videos on YouTube and TikTok, for example, claiming to help with a slow computer or removing viruses. These may include copy-and-paste commands that install malware.

  • Requests to copy commands and paste them elsewhere, such as in "Run" (Windows key + R), a quick function in Windows to start programs, folders, or system tools by typing their names in a small text field.

  • "I am not a robot" pop-ups (CAPTCHA) or verifications that lead you to additional steps. Attackers exploit the fact that we are used to clicking through such checks and add extra steps that damage your computer, your data, and OsloMet.

  • Web addresses that look suspicious, such as strange website names with only numbers and symbols.

  • Pop-up windows attempting to scare or pressure you into acting immediately. Such warnings can also come in the form of emails or SMS messages, attempting to force you to act quickly.

What should you do if you're unsure?

  • Stop and think. Don't let yourself be pressured into clicking.

  • Check the sender and web address. Are they legitimate?

  • Do not paste commands or perform what they are asking you to do.

  • Take a screenshot and report it to sikkerhet@oslomet.no.

  • Don't be fooled by verification pages. Genuine system alerts usually don't require you to execute commands yourself.

  • If in doubt, contact the IT Service Desk first.

Contact IT Service Desk

IT Service Desk: itservicedesk@oslomet.no


This article is part of OsloMet's Security Month 2025.

(This text has been translated with the use of Sikt KI-Chat. The text has been quality assured by OsloMet.)