Don't look now, but it seems Gizmodo's homepage is now serving up a Clickfix attack.

Basics of the Click-Fix exploit, which causes a pasted URL to fetch malware via Windows Powershell.

https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

#clickfix #gizmodo

@briankrebs oh lucky me I get a queue id and everything!
@briankrebs Thanks, Brian. I tried to read a science-related article on Google News today that linked to Gizmodo and the damn thing wouldn't load, going around in what seemed like an endless loop. But I'm using Firefox, NoScript, and Linux, so Windows PowerShell is not there. I never saw the image you showed.
@briankrebs oh... so this explains why I was presented with a blurry page upon trying to access a Gizmodo article a few mins ago. Because I have uBO set to practically disable JS code execution for Gizmodo, I got nothing but the CSS blur filter, so my first thought was "Gizmodo is now paywalled" (which wouldn't be surprising given how things always enshittify), then I used Fennec's Reader mode to read the article, but now that I'm aware Gizmodo is serving straight up malware, I'm going to avoid Gizmodo altogether (even though I use uBO and I disable JS code execution in it). By the way, thanks for warning.

@briankrebs My god. This page has got many trackers. Since it does not load fully for me, I can see some blurry pages, when I click links on the main page.

The tracker blocking (hagezi's blacklist) seems to suppress the attack.

@briankrebs Interestingly unlike real CAPTCHAs, this one has at least one screen reader issue, e.g., the check-box not coded to be accessible. That, and while the site isn't visible, everything looks perfectly normal to a screen reader.

@briankrebs
I used to say people falling for such stuff deserved to pay the price of being morons.

Then I realized a good number of folks in my family might follow those instructions... :-/ Sucks.

@briankrebs Why do people still fall for that?
@briankrebs
They appear to be working on it.
@briankrebs I ran across one of these in the last week or so on another site that seemed as though it should otherwise have been legit 🤔
@briankrebs
Always remember: only visit trustworthy websites! 😉

Stop trusting the internet, use smoke signals!

@dancingtreefrog @briankrebs

@briankrebs well, something is going on
@briankrebs What? The site with so many ads you can’t even see the articles? Noooo how could that possibly happen…
@briankrebs I mean... Does that even count as an attack? I was worried they used some backdoor RCE vulnerability or such.

@briankrebs
Yet Google / Chrome is disabling the ability to filter scripts etc.

I don't run an ad blocker. I do run a plugin to give control over what content (cookies, scripts, images, frames, XHR etc) can load/run.
By default all 3rd party cookies & frames & scripts & XHR are blocked.

Some evil sites don't work at all with it enabled but off.
Cloudflare is a menace. Their so-called protection is almost malicious.
Google is a menace. The sites using multiple Google resources and reCAPTCHA bad!

@briankrebs
Looks like someone pivoted to AI.
@briankrebs do we know if malvertising or served from Gizmodo’s own domain?
@briankrebs NO WAYYYY anyone know what the actual chain is like?
@briankrebs
Another great story, Brian. Thanks for sharing.