Cybersecurity

Jackfix Uses Fake Windows Update Pop-ups On Adult Sites To Deliver...

2025-11-25 0 views admin
Jackfix Uses Fake Windows Update Pop-ups On Adult Sites To Deliver...

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update.

"Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising," Acronis said in a new report shared with The Hacker News. "The adult theme, and possible connection to shady websites, adds to the victim's psychological pressure to comply with sudden 'security update' installation."

ClickFix-style attacks have surged over the past year, typically tricking users into running malicious commands on their own machines using prompts for technical fixes or completing CAPTCHA verification checks. According to data from Microsoft, ClickFix has become the most common initial access method, accounting for 47% of attacks.

The latest campaign displays highly convincing fake Windows update screens in an attempt to get the victim to run malicious code, indicating that attackers are moving away from the traditional robot-check lures. The activity has been codenamed JackFix by the Singapore-based cybersecurity company.

Perhaps the most concerning aspect of the attack is that the phony Windows update alert hijacks the entire screen and instructs the victim to open the Windows Run dialog, press Ctrl + V, and hit Enter, thereby triggering the infection sequence.

It's assessed that the starting point of the attack is a fake adult site to which unsuspecting users are redirected via malvertising or other social engineering methods, only to suddenly serve them an "urgent security update." Select iterations of the sites have been found to include developer comments in Russian, hinting at the possibility of a Russian-speaking threat actor.

"The Windows Update screen is created entirely using HTML and JavaScript code, and pops up as soon as the victim interacts with any element on the phishing site," security researcher Eliad Kimhy said. "The page attempts to go full screen via JavaScript code, while at the same time creating a fairly convincing Windows Update window composed of a blue background and white text, reminiscent of Windows' infamous blue screen of death."

What's notable about the attack is that it heavily leans on obfuscation to conceal ClickFix-related code, as well as blocks users from escaping the full-screen alert by disabling the Escape and F11 buttons

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityhackattackthreat

More from Cybersecurity

New Microsoft Is Retiring 'send To Kindle' In Word 2026

New Microsoft Is Retiring 'send To Kindle' In Word 2026

2026-01-11 0
Complete Guide to Breachforums Hacking Forum Database Leaked, Exposing 324,000 Accounts

Complete Guide to Breachforums Hacking Forum Database Leaked, Exposing 324,000 Accounts

2026-01-10 0
Update: Spain Arrests 34 Suspects Linked To Black Axe Cyber Crime 2026

Update: Spain Arrests 34 Suspects Linked To Black Axe Cyber Crime 2026

2026-01-10 0
Latest: Ireland Recalls Almost 13,000 Passports Over Missing 'irl' Code

Latest: Ireland Recalls Almost 13,000 Passports Over Missing 'irl' Code

2026-01-10 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views