A new scam called ClickFix is targeting users and is on the rise in the U.S. As the name suggests, it prompts you to click on a link, claiming to fix an issue, but in reality it infects your computer with malware.

reported on this earlier, detailing how threat actors used messages impersonating errors from Google Chrome, Microsoft Word and OneDrive to infect users' computers. 

Now, a similar type of attack is affecting Google Meet users, regardless of whether they’re using a Windows PC or a Mac. I explain how this cyberattack works and what you can do to protect yourself.

I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS

woman on laptop

A woman working on her laptop (Kurt "CyberGuy" Knutsson)

How the Google Meet trap works

According to French cybersecurity company Sekoia, it all starts with an email containing a link to a Google Meet. The email can come from any address and may be socially engineered to look like it's related to your organization. It could link to a Google Meet invite for a meeting, webinar, online collaboration or something similar. When you click on the link, you’ll be directed to a fake Google Meet page, which will soon display a warning claiming there’s an issue with your PC. It might say your microphone or camera isn't working or there's a problem with your headset.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

You can expect to see the following URLs in these fake meeting emails:

meet[.]google[.]us-join[.]com

meet[.]google[.]web-join[.]com

meet[.]googie[.]com-join[.]us

meet[.]google[.]cdm-join[.]us

This fake page will also display a pop-up offering to fix the issue, showing phrases like "Press the key combination" or "CTRL+V." When you follow these instructions, malicious code is pasted into the Windows prompt, infecting your computer with malware. Once the code is on your computer, hackers can gain access to your cryptocurrencies, sensitive files and personal information.

Sekoia has uncovered several other malware distribution clusters beyond Google Meet. These include platforms like Zoom, PDF readers, fake video games (such as Lunacy, Calipso, Battleforge and Ragon), web3 browsers and projects like NGT Studio and messenger apps such as Nortex.

google meet 2

Fake Google Meet page (Sekoia)

DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP

The bigger picture

Back in July, McAfee noticed that ClickFix campaigns were ramping up, especially in the U.S. and Japan (via Bleeping Computer). Lately, two groups – Slavic Nation Empire and Scamquerteo – have been behind some of these attacks. Both are said to be offshoots of larger crypto scam gangs Marko Polo and CryptoLove.

Earlier this year, Proofpoint found that malware was spreading by pretending to be fake error messages for Google Chrome, Word and OneDrive, tricking people into downloading malicious code. They also pointed out a method called "email lure," where hackers send fake emails pretending to be from MS Word to infect computers.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

google meet 3

Fake page requests (Sekoia)

BEST ANTIVIRUS FOR PCS, MACS, IPHONES AND ANDROIDS – CYBERGUY PICKS

4 ways to protect yourself from harmful software

The fake Google Meet page creates a sense of urgency, making users click on the links and unknowingly compromise their devices. There are several steps you can take to protect yourself from such cyberattacks.

1. Have strong antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Monitor your accounts: Regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

3. Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

4. Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Kurt’s key takeaways

Hackers have come up with sneaky ways to trick you into installing malware. They use social engineering to make emails and website prompts look legit, hoping you'll click on a link and follow their instructions. The best way to protect yourself is by avoiding unknown links and always checking the URL of the page you're on before taking any action.

CLICK HERE TO GET THE FOX NEWS APP

Have you ever received an email or prompt that looked suspicious but seemed legitimate at first glance? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.