The UK public is being warned about a harmful campaign that not only infects devices with malicious software but also monitors users’ online activities and sends sensitive information to remote servers.
This campaign is targeting individuals who visit adult websites, including popular sites like P0$#hub and X###ster, which now require age verification to confirm the user is an adult. However, the issue lies not with these legitimate sites themselves, but with hackers who are creating fake URLs that appear at the top of search engine results. These fake links are designed to attract users with sensationalized content, leading them to malware-ridden pages.
Here’s how the attack works: when users click on these deceptive links, they are first redirected to explicit images. The page then prompts them to download a “Windows update,” which is actually a fake update that hackers use to install malicious software. In their eagerness to access the content or finish the update, users are falling victim to phishing attacks, also known as “ClickFix” attacks.
Once installed, the malware doesn’t just steal files and personal data—it also records screen activity, often capturing sensitive moments like banking transactions or private conversations. This information is then sent to the attackers’ remote servers, leaving victims vulnerable to blackmail.
Victims could be threatened with the release of these recordings unless they comply with the attackers’ demands, which could involve money or other forms of exploitation.
How to Protect Yourself:
A.) Avoid morally questionable websites: Stay away from sites that may be deemed inappropriate by government standards, as they are often targeted by cybercriminals.
B.) Use strong anti-malware software: A reliable malware monitoring tool can help prevent phishing attacks that come through emails, web messages, or mobile apps.
C.) Keep your software up to date: Regularly update your operating system and applications to ensure they are protected with the latest security patches.
D.) Be cautious on social media: Never share sensitive personal information—like your phone number, date of birth, or financial details—on social media platforms, including LinkedIn.
By following these steps, you can reduce the risk of falling victim to this type of attack and protect your personal information.
Join our LinkedIn group Information Security Community!
