A new cyber campaign, dubbed JackFix, uses Fake Windows updates and adult websites to trick users into executing malicious commands. The attack employs obfuscated scripts, PowerShell payloads, and steganography to deploy various malware, risking data theft and system compromise. #ClickFix #JackFix #PowerShellPayload
Keypoints
- The campaign targets users visiting fake adult websites to deliver threats disguised as critical Windows updates.
- It uses convincing full-screen HTML and JavaScript-based alerts that hijack the screen and manipulate user interaction.
- The initial payload is launched via mshta.exe, which loads a JavaScript that executes PowerShell commands for further malware deployment.
- Multiple payloads, including RATs and stealers like Rhadamanthys and Vidar, are delivered to steal sensitive data.
- Attackers employ obfuscation, privilege escalation, and steganography techniques to evade detection and increase success rates.
Read More: https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html