Complete Guide to ClickFix Attack Uses Fake Windows BSOD Screens to Push Malware
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.
A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to halt.
In a new campaign first spotted in December and tracked by researchers at Securonix as "PHALT#BLYX," phishing emails impersonating Booking.com led to a ClickFix social engineering attack that deployed malware.
ClickFix social engineering attacks are webpages designed to display an error or issue and then offer "fixes" to resolve it. These errors could be fake error messages, security warnings, CAPTCHA challenges, or update notices that instruct visitors to run a command on their computer to fix the issue.
Victims end up infecting their own machines by running malicious PowerShell or shell commands provided in the attacker's instructions.
In this new ClickFix campaign, attackers send phishing emails, typically to hospitality firms, that impersonate a hotel guest cancelling their Booking.com reservation. The claimed refund amount is significant enough to create a sense of urgency for the recipient of the email.
Clicking the link in the email takes the victim to a fake Booking.com website hosted on 'low-house[.]com,' which Securonix characterizes as a "high-fidelity clone" of the real Booking.com site.
"The page utilizes official Booking.com branding, including the correct color palette, logos, and font styles. To the untrained eye, it is indistinguishable from the legitimate site," reports Securonix.
The site hosts malicious JavaScript that displays a fake "Loading is taking too long" error to the target, prompting them to click a button to refresh the page.
However, when the target clicks the button, the browser instead enters full-screen mode and displays a fake Windows BSOD crash screen that initiates the ClickFix social engineering attack.
Source: BleepingComputer
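The full-screen step described above can be checked for on the browser side. The following JavaScript is an added example, not code from the article or from Securonix: a handler for the standard `fullscreenchange` event, suitable for an extension content script, that leaves full-screen mode when the full-screen element looks like a Windows crash screen. The cue phrases, the function names and the sample strings in the test are assumptions constructed for this illustration.

```javascript
// Added example: heuristic guard against a full-screen fake BSOD lure.
// Phrase lists are constructed for illustration, not taken from the campaign's page.
const CRASH_CUES = [
  /your (pc|device) ran into a problem/i,
  /stop code/i,
  /needs to restart/i,
];
// Assumed wording of "fix" instructions that ask the user to run a command.
const COMMAND_CUES = [
  /powershell/i,
  /\bcmd(\.exe)?\b/i,
  /(win(dows)?\s*(key)?\s*\+\s*r)\b/i,
  /ctrl\s*\+\s*v/i,
  /paste/i,
];

function countHits(text, patterns) {
  return patterns.filter((re) => re.test(text)).length;
}

// Classify visible text: a crash screen alone is odd inside a browser;
// a crash screen that also tells the user to run a command is the ClickFix pattern.
function classifyLure(text) {
  const crash = countHits(text, CRASH_CUES);
  const command = countHits(text, COMMAND_CUES);
  if (crash >= 2 && command >= 1) return "clickfix-bsod";
  if (crash >= 2) return "fake-crash-screen";
  return "benign";
}

// Handler for the standard `fullscreenchange` event. `doc` is a Document
// (or a stub with the same fields, which keeps the logic testable offline).
function onFullscreenChange(doc, report = console.warn) {
  const el = doc.fullscreenElement;
  if (!el) return "benign"; // left full-screen, nothing to inspect
  const verdict = classifyLure(el.innerText || el.textContent || "");
  if (verdict !== "benign") {
    doc.exitFullscreen(); // give the browser chrome and address bar back to the user
    report(`full-screen lure blocked: ${verdict}`);
  }
  return verdict;
}

// Wire up only when running inside a page (content script or policy script).
if (typeof document !== "undefined") {
  document.addEventListener("fullscreenchange", () => onFullscreenChange(document));
}
```

Ordinary full-screen content such as video players carries none of the crash cues, so it is left alone; the thresholds are a starting point to tune against real traffic.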