A New Threat to Beware of: Do NOT Take These Steps to Verify You Are a Human

You visit a website, then a pop-up asks you to confirm you’re a real person by entering a certain word, clicking a set of images, etc.

These automated Turing tests have become so common, everyone needs to be aware of a sophisticated malware distribution method that has recently gone mainstream. Dubbed “ClickFix” in the cybersecurity community, this new attack mimics the “verify you’re a human” tests we’ve all gotten used to.

At first, the malicious pop-up will feel familiar and may seem harmless enough. It will look something like the image you see above.

Clicking the button will then ask the user to take the following three steps, which will deploy the malware:

• Press Windows Key + R (opens the “Run” command)
• Press CTRL + V (pastes malicious code from the site’s virtual clipboard)
• Press Enter (downloads and runs that code via mshta.exe)

Don’t do it! This sequence results in the downloading and execution of malware.

Aside from clicking the button to begin with, the key misstep here is opening the Run command. Real verification tools like CAPTCHA will NEVER ask you to run Windows commands.

*Note from KaufmanIT: While we’re on the topic of security: do you know if your email security settings have been properly enabled? Use our free, 30-second tool to find out.

If a website asks you to open the “Run” dialog or paste anything into it, close the page immediately. It’s a huge red flag.

Thankfully, the steps required to avoid this sort of disaster are pretty straightforward:

• User Education: Emphasize to all employees that legitimate CAPTCHA tests never involve executing system commands. Any request to use the Run dialog or paste commands should be treated as an immediate security risk. Consider sharing this article with your team today to make them aware of this threat.
• Technical Controls: System administrators should implement Group Policy restrictions to disable the Windows Run command (Windows Key + R) initiation. This proactive measure significantly reduces the attack surface.

“ClickFix” represents a tangible threat. Although the steps above are simple, basic awareness is a powerful ally in the fight against malware – particularly because people will always be your organization’s weakest cybersecurity link.

My strong recommendation is to stop right now, spend 5 minutes and take these easy preventative measures to better protect your network.