CAPTCHA Catastrophe: iClicker Hack Tricks Students with Devious Malware Install!
The iClicker website fell victim to a ClickFix attack using a fake CAPTCHA. Students and instructors were tricked into installing malware by clicking “I’m not a robot.” The attack has been resolved, but if you visited iClicker during the incident, it’s time to change your passwords faster than a student cramming for finals!
Hot Take:
Is it a bird? Is it a plane? No, it’s a fake CAPTCHA! In the latest episode of “Cybersecurity Gone Wild,” we’ve got an attack that blends the innocence of a CAPTCHA with the malice of a hacker’s heart. The iClicker platform, beloved by students and professors alike, has been hijacked by the “ClickFix” attack, proving once again that sometimes it feels like the only real CAPTCHA is discerning between a human and a hacker in disguise. Quick, someone call the IT department; we’ve got a case of mistaken identity gone cyber-rogue!
Key Points:
- The iClicker platform was compromised with a fake CAPTCHA to spread malware.
- Users were tricked into pasting a PowerShell script into their Windows Run dialog.
- The attack targeted students and instructors, potentially to steal credentials.
- Malware could steal sensitive data like passwords, cryptocurrency wallets, and more.
- BleepingComputer struggled to get a response from MacMillan regarding the attack.