Gizmodo has reported a security breach that exposed its readers to ClickFix malware prompts. The incident was confirmed after users shared screenshots of fake CAPTCHA windows appearing on the site, indicating a potential compromise.
Details of the Incident
The attack appears to have been executed by an affiliate of ErrTraffic, a service that enables attackers to distribute various types of malware. According to Proofpoint threat researcher Tommy M, the ClickFix prompts were customized for each user’s operating system. For Windows users, the malware attempted to install the NetSupport RAT, which abuses the legitimate NetSupport Manager tool to gain unauthorized access to systems.
Impact on Users
Darktrace has indicated that the NetSupport RAT can not only exfiltrate files but also load additional malicious payloads, including other malware and ransomware. In contrast, the version targeting macOS users had a payload that seemed to be malfunctioning, as it required a password to access a ZIP archive.
Gizmodo’s Response
Gizmodo stated that the malicious prompts were visible only for a short time. They reported, “We identified and resolved a security incident on our site earlier today. A compromised account was exploited to inject a malicious script, briefly exposing users to scam content. The site was taken offline immediately, the script removed, and the account secured.” As of Monday, the site was confirmed to no longer display ClickFix prompts.
Current Status and Recommendations
While Gizmodo has taken steps to secure its site, the full scope of the incident remains unclear. Users are encouraged to remain vigilant and report any unusual activity. The rapid response from Gizmodo highlights the importance of addressing security incidents promptly to mitigate potential harm.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








