October 24, 2024
By Cybervergent Team

Deceptive Fix: The Google Meet Scam Targeting Your Trust

Imagine you are on a Google Meet call when an error message appears, suggesting a quick fix. It seems straightforward: just a simple command to resolve the issue. But what if that "fix" is actually a trap set by cybercriminals?

This is the tactic of ClickFix, a growing malware campaign targeting both Windows and macOS users. Hackers are becoming more sophisticated, using trusted platforms like Google Meet, Zoom, and Facebook to trick people into installing malware.

In this campaign, attackers create fake Google Meet pages that prompt users to run harmful code disguised as a fix for the error. On Windows, this can unleash infostealers like StealC or Rhadamanthys, while macOS users might end up downloading a dangerous disk image containing the Atomic stealer.

Why should your business care? Because ClickFix exploits trust. It takes advantage of familiar platforms where users feel safe, making it easy for cybercriminals to slip past security measures. The trick is simple—getting users to copy and paste a command—but it’s effective and hard for standard security tools to catch.

The attackers use social engineering, crafting fake websites that look like trusted brands such as:

• meet.google.us-join[.]com
• webroom-zoom[.]us
• googiedrivers[.]com

These fake sites make users think they’re fixing a minor issue, but they’re actually installing malware.

Who’s Behind It?

Organized groups like Slavic Nation Empire and Scamquerteo run these operations. They don’t work alone: they share tactics, infrastructure, and code, making it tough to shut them down.

How to Protect Your Business

• Educate Your Team: Make sure employees know that even familiar platforms can be risky. Encourage them to check URLs carefully and avoid running unknown commands.

• Improve Endpoint Security: Standard tools might miss these attacks. Use solutions that can detect unusual activities, like running unexpected scripts.

• Stay Alert for Fake Domains: Keep an eye on evolving threats and fake domain names linked to trusted platforms like Google Meet or Zoom.
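As an added illustration of the fake-domain check (not code from the original article), the sketch below flags hostnames that carry a trusted brand name, or a near-miss spelling of it, without belonging to that brand's own domain. The brand allowlist, the similarity threshold and the two benign sample hosts are assumptions chosen for the example.

```python
import re
from difflib import SequenceMatcher

# Assumption: brand tokens mapped to the registrable domains treated as genuine.
BRANDS = {"google": {"google.com"}, "zoom": {"zoom.us"}}
FUZZY_THRESHOLD = 0.8  # assumption: tolerates one wrong character in a six-letter brand


def refang(host):
    """Undo the [.] defanging used in threat reports and normalise case."""
    return host.replace("[.]", ".").strip().strip(".").lower()


def registrable(host):
    """Naive registrable domain: last two labels (use a public-suffix list in production)."""
    return ".".join(host.split(".")[-2:])


def classify(raw_host):
    """Return (verdict, brand) for a hostname seen in proxy, DNS or mail logs."""
    host = refang(raw_host)
    if any(registrable(host) in legit for legit in BRANDS.values()):
        return ("allowlisted", None)
    tokens = [t for t in re.split(r"[.-]", host) if t]
    # Pass 1: the exact brand name sits in a host that the brand does not own.
    for token in tokens:
        for brand in BRANDS:
            if brand in token:
                return ("brand-in-hostname", brand)
    # Pass 2: near-miss spellings, compared over brand-length windows of each token.
    for token in tokens:
        for brand in BRANDS:
            for i in range(len(token) - len(brand) + 1):
                window = token[i:i + len(brand)]
                if SequenceMatcher(None, brand, window).ratio() >= FUZZY_THRESHOLD:
                    return ("typo-lookalike", brand)
    return ("no-match", None)


# The three defanged domains named in the article, plus two constructed benign hosts.
SAMPLES = ["meet.google.us-join[.]com", "webroom-zoom[.]us", "googiedrivers[.]com",
           "meet.google.com", "intranet.example.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} {classify(s)}")
```

Run over proxy or DNS logs, a check like this surfaces hosts worth a closer look; the two-label registrable-domain shortcut should be replaced with a public-suffix list before production use.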

ClickFix shows how easily trust can be exploited. But by staying informed and cautious, your organization can stay ahead. The next time an error message appears, think twice before clicking "run."