
Don’t open this website.
Updated on Nov. 27 with additional Windows update warnings issued for users.
This is wild and new. Attackers have worked out that malicious emails pushing links to adult sites will solicit loads of clicks. Unfortunately, those clicks trigger a fake update that installs dangerous malware on your system. As tempting as it might be — don’t click.
The team at Acronis warns that the “novel ‘JackFix’ attacks” combine “screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of ‘Critical Windows Security Updates’ to trick victims into executing malicious commands.”
We have seen plenty of seemingly innocuous lures to drive ClickFix attacks, most being fake captchas and technical support pop-ups. But this new campaign “leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism.”
Image: Fake porn website. Credit: Acronis
Acronis says “the adult theme, and possible connection to shady websites, add to a victim’s psychological pressure, making victims more likely to comply with sudden ‘security update’ installation instructions.”
The attack itself hijacks a PC’s entire screen, “displaying an authentic looking Windows Update screen — complete with the appropriate animations, a counting-up percentage of progress and the appearance of going full screen.”
Image: Fake Windows update screen. Credit: Acronis
The attack is executed entirely within the PC’s browser, and Acronis says the resulting screen hijacking “is something we haven’t seen done before this campaign, but the principle is well proven and goes back over 15 years.” The adult content is the new twist on a theme, enticing users to click before “the lure is sprung.”
Psychologically, the lure is designed to catch you when you’re on edge, clicking something you know you probably shouldn’t. And so when an urgent security update screen opens, you’re more likely to be tricked into engaging.
Staying safe is simple. Don’t access adult sites from links in emails or messages or pop-ups. As with any other website, access it directly using the usual means.
It’s not only fake porn sites trying to trick Windows users into clicking where and when they shouldn’t. A new campaign, flagged on X, warns that an “infostealer is being delivered by an in-browser fake Windows Update, abusing the Fullscreen API (on-click), and using ClickFix-style lures to trick users.”
And separately, the team at Huntress has flagged a “multi-stage malware execution chain, originating from a ClickFix lure, that leads to the delivery of infostealing malware, including LummaC2 and Rhadamanthys.”
In this other instance, it’s steganography — concealing malicious code in images — rather than more illicit lures that has been deployed. “The malicious code is encoded directly within the pixel data of PNG images, relying on specific color channels to reconstruct and decrypt the payload in memory.”
As ever with ClickFix, the campaigns are designed to trick a user into attacking their own devices. Never copy and paste or run code when prompted to do so by an attachment, a link or a pop-up.
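For defenders, the in-browser pattern described above (a click-gated Fullscreen API request combined with Windows Update lure text and a copy-and-run prompt) can be triaged from page source. The sketch below is an added example, not code from Acronis, Huntress or the original article; the signal names, regexes, verdict rules and both sample pages are assumptions constructed for illustration.

```javascript
// Heuristic signals (assumed for this example, not vendor detection logic).
const SIGNALS = {
  fullscreen: /(?:webkit|moz|ms)?requestfullscreen\s*\(/i,
  clickGated: /addEventListener\(\s*['"]click['"]|\bonclick\s*=/i,
  updateLure: /windows\s+(?:security\s+)?updates?/i,
  clipboardWrite: /navigator\.clipboard\.writeText\s*\(|execCommand\(\s*['"]copy['"]/i,
};

// Drop tags and collapse whitespace so lure text split across elements still matches.
function flatten(html) {
  return html.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ");
}

// Returns the matched signals and a verdict: "ok", "review" or "block".
function triagePage(html) {
  const hits = [];
  if (SIGNALS.fullscreen.test(html)) hits.push("fullscreen");
  if (SIGNALS.clickGated.test(html)) hits.push("clickGated");
  if (SIGNALS.updateLure.test(flatten(html))) hits.push("updateLure");
  if (SIGNALS.clipboardWrite.test(html)) hits.push("clipboardWrite");
  // Fullscreen alone is normal (video players); it matters only next to update-themed text.
  const fakeUpdate = hits.includes("fullscreen") && hits.includes("updateLure");
  let verdict = "ok";
  if (fakeUpdate) verdict = hits.includes("clipboardWrite") ? "block" : "review";
  return { hits, verdict };
}

// Constructed sample: a legitimate video page that goes full screen on click.
const VIDEO_PAGE = `<video id="v"></video><button id="fs">Full screen</button>
<script>document.getElementById("fs").addEventListener("click",
  () => document.getElementById("v").requestFullscreen());</script>`;

// Constructed sample: skeleton of a fake-update page (placeholder clipboard text).
const LURE_PAGE = `<div><h1>Windows <b>Security</b> Update</h1><p>42% complete</p></div>
<script>document.addEventListener("click", () => {
  document.documentElement.requestFullscreen();
  navigator.clipboard.writeText("PLACEHOLDER-COMMAND");
});</script>`;

console.log(triagePage(VIDEO_PAGE).verdict, triagePage(LURE_PAGE).verdict);
```

Static matching like this misses obfuscated or dynamically loaded script, so treat "ok" as the absence of these signals and nothing more.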





