Security notice: Website pop-up asks users to run code
Never open a terminal window and run code from a website, no matter how trustworthy you think it is.
Security notice: Website pop-up asks users to run code
The Information Security Office received a report that one of our users visited a website that appears to have been exploited. In doing so, when the user clicked on the navigation bar at the top of the page the website, a pop up loaded asking the user to: "Verify you are human by completing the action below."
The popup asked the user to:
- Press & hold the Windows Key + X
- Select Terminal from the right-hand menu, or Windows PowerShell on Windows 10
- Right-click anywhere in the window that opens, then press enter
When the “ClickFix” pop up was presented, it copied a PowerShell script to the user's clipboard so when they right-clicked, that action pasted the code into the terminal.
The bad code was supposed to reach out to another server and install further malicious software on the user’s computer and prevent antivirus scans.
In this circumstance, our endpoint detection response software, CrowdStrike, was able to detect and block the malicious code and prevent the takeover. However, this is a good reminder that you should never open a terminal window (e.g., PowerShell) and paste code from a website, no matter how trustworthy you believe the site may be.
