A new cyber threat called ClickFix is reportedly spreading rapidly online, using fake emails, websites and search results to trick users into pasting a single line of code that instantly infects their computers.
Hackers Use Fake Hotel Emails, WhatsApp Messages and Google Links
Security researchers are warning of a fast-growing scam known as ClickFix.
It targets both Microsoft Corporation's (NASDAQ:MSFT) Windows and Apple Inc.'s (NASDAQ:AAPL) macOS users through realistic-looking emails, WhatsApp messages and even top Google search results, reported ARS Technica.
The scam often starts with what appears to be a legitimate message from a hotel, complete with accurate booking details.
In other cases, users encounter the malicious link while searching for services online.
Once victims land on the fake site, they are prompted to complete a CAPTCHA or verification step and are told to copy and paste a line of text into their computer's terminal or command prompt.
That single step gives hackers remote access, allowing malware to download and install silently in the background, the report said.
One Line Of Code, Full System Compromise
Cybersecurity firm CrowdStrike Inc. (NASDAQ:CRWV) described the scheme as a growing favorite among cybercriminals because it's fast and hard to detect.
The firm's researchers noted that hackers are leveraging one-line installation commands to distribute macOS information stealers, bypassing built-in protections such as Apple's Gatekeeper.
The primary malware strain linked to these attacks, known as Shamos, can steal login credentials, crypto wallet data and modify system settings to ensure it runs after every reboot.
On Windows, a related campaign installs malware called PureRAT, often disguised behind fake Cloudflare CAPTCHA pages.
Awareness Is The Best Defense
Because ClickFix uses legitimate-looking channels — including real hotel accounts compromised through platforms like Booking.com — it easily bypasses traditional antivirus tools.
Security experts from Microsoft and Push Security say awareness is the strongest line of defense.
Users should never copy-paste commands from unfamiliar sites, even if they appear trustworthy and should verify suspicious messages directly with the sender, the report noted.
With the holiday travel season approaching, experts urge users to warn family and friends: one careless click or copy-paste could hand hackers the keys to your computer.
Benzinga's Edge Stock Rankings place Microsoft in the 98th percentile for Growth, highlighting its solid long-term fundamentals and strong investor confidence. Click here to compare its performance with industry peers.
Read Next:
Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.
Photo Courtesy: africa_pink on Shutterstock.com
