![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneThere's a new hack that has become widespread. It's actually been around for a while, it was previously kind of tightly targeted. But now you can compromise a web site and install this crap and you have a good chance of infecting all sorts of people who stop by!
It starts looking like a form of CAPTCHA: prove that you're a human. It wants you to do three things:
1. Press the Windows button plus R
2. Press Control-V
3. Press Enter.
What you've just done is open a command prompt and pasted some code that the compromised web page has placed inside your computer's paste buffer. That code installs a remote-access toolkit (RAT), key capture program(s), things to further compromise your PC's security, etc. You no longer own your computer.
Things like this is why we can't have nice things. You'll most commonly see these on lookalike web sites impersonating known sites through typosquatting, etc.
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
(yes, I'm cleaning out browser windows)
It starts looking like a form of CAPTCHA: prove that you're a human. It wants you to do three things:
1. Press the Windows button plus R
2. Press Control-V
3. Press Enter.
What you've just done is open a command prompt and pasted some code that the compromised web page has placed inside your computer's paste buffer. That code installs a remote-access toolkit (RAT), key capture program(s), things to further compromise your PC's security, etc. You no longer own your computer.
Things like this is why we can't have nice things. You'll most commonly see these on lookalike web sites impersonating known sites through typosquatting, etc.
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
(yes, I'm cleaning out browser windows)
