These fake Chrome extensions will crash your browser so that hackers can sneak in – here’s how to stay safe

New ClickFix variant uses fake NexShield ad blocker to spread malware
Attack crashes browsers, then tricks users into installing ModeloRAT via command prompt
KongTuke targets enterprises; individuals may face future risks

ClickFix attacks are evolving and now create an actual problem to fix, rather than trying to trick the victim into believing there is one, experts have warned.

Usually, ClickFix would either be a pop-up on a page, or a fake .docx or .pdf document. The victims would be told they cannot view the contents of a web page, or open the documents, until they “fixed” an issue by copying and pasting a command into the Windows Run program.

malware – until now.

browser add-on for Chrome and Edge called NexShield. It was built by a threat actor called KongTuke, and is quite an elaborate scheme, with dedicated sites spoofing browser repositories, and the malware being present on official stores. It also claims to be built by Raymond Hill, the person behind uBlock Origin, a legitimate ad blocker with 14 million users.

To make sure the attack isn’t traced back to the add-on, it starts its malicious activity an hour after being installed. When the clock ticks, the malware creates a denial-of-service (DoS) condition that crashes the browser and forces the user to bring up the Task Manager and manually restart it.

On restart, the add-on displays a fake error message and, in typical ClickFix fashion, offers a solution.

That solution is to copy and paste a command in Windows Command Prompt which, in turn, downloads and installs ModeloRAT, a remote access trojan that grants full access to the compromised device.

Security researchers Huntress, who first spotted the attack, claim KongTuke primarily targets enterprise users, and is so far sparing individuals and other private users. That, however, does not mean that CrashFix won’t target more people in the future.

Via BleepingComputer

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

https://cdn.mos.cms.futurecdn.net/RYP2wJu6BGAEqdebGitYKk-970-80.jpg

Source link

I’m a Garmin expert — I’ve put together this difficult Garmin quiz to make sense of all those confusing watch names

NordVPN’s new free tool reveals exactly what the internet knows about your location

Oscal Pilot 5 rugged phone review

Google is pushing AI video into ordinary life — just as OpenAI pulls Sora back

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

‘XO, Kitty’ Season 3 Star Duo Talk Kitty & Min Ho’s Relationship Arc

Zendaya Delivers Final Method Dressing Look on ‘The Drama’ Press Tour

‘Your Friends & Neighbors’ Season 2 Review: Apple TV’s Dramedy Thrills

Kanye West Wife Bianca Censori Directed Travis Scott “Father” Music Video

Earnings call transcript: HPS Q4 2025 highlights SaaS growth, stock dips

Tesla eyes Japan’s top imported-car spot as it expands store, service network

Asia FX, dollar muted as traders watch Iran war updates; RBI steps lift rupee

HDFC Bank penalises 12 execs for role in mis-selling AT1 bonds

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays