Watch Out for This Fake Windows Update Scam

According to PCWorld, security researchers from Huntress are warning about a new variant of the ClickFix scam that’s been circulating since early October. This attack displays a full-screen browser page pretending to be an important Windows Update security installation. During the fake update process, a hidden malicious command gets copied to your clipboard automatically. The scam then instructs victims to press Windows key + R to open the Run window, then Ctrl + V to paste the command, then Enter to execute it. Following these steps installs both LummaC2 and Rhadamanthys malware onto the system. It’s currently unclear how many users have fallen victim to this sophisticated campaign.

How this scam actually works

Here’s the thing that makes this particularly clever – it’s not just another fake pop-up. The attackers are using the clipboard as a delivery mechanism, which bypasses many traditional security warnings. When that malicious command gets pasted into the Run window, it’s executing a complex series of exploits that download and install the malware in the background. Basically, they’re turning your own computer’s legitimate functions against you.

Why this matters for everyone

This isn’t just some annoying adware we’re talking about. LummaC2 and Rhadamanthys are information-stealing malware that can capture passwords, financial data, cryptocurrency wallets, and pretty much anything else you’d want to keep private. And the scary part? The instructions seem legitimate because they’re using actual Windows keyboard shortcuts that many power users recognize. So even someone who’s reasonably tech-savvy might fall for this if they’re not paying close attention.

How to protect yourself

First rule: Never install Windows Updates through your browser. Microsoft always delivers legitimate updates through Windows Update in Settings. If you see a full-screen browser page claiming to be a critical update, close your browser immediately. And here’s a pro tip: Clear your clipboard regularly, especially if you’ve encountered suspicious pop-ups.
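
For anyone checking afterwards whether the Win + R, Ctrl + V, Enter steps were followed on a machine, here is an added example (not from PCWorld or Huntress). Windows keeps a per-user history of Run dialog commands in the RunMRU registry key, and this Python script flags entries that look like pasted commands rather than hand-typed ones. The patterns, the length threshold and the sample entries are assumptions constructed for illustration.

```python
import re
import sys

# Per-user history of commands entered in the Run (Win + R) dialog.
RUNMRU_PATH = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
MAX_LEN = 100  # assumed threshold: hand-typed Run commands are usually short

# Assumed heuristics, not a complete list; tune for your environment.
SUSPICIOUS = {
    "interpreter": re.compile(
        r"\b(?:powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(?:\.exe)?\b"
        r"|\bcmd(?:\.exe)?\s+/c\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_or_encoded": re.compile(r"-enc\w*\s|-w\w*\s+h\w*|frombase64string", re.I),
}

# Constructed sample in RunMRU layout: lettered values, each ending in "\1".
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -w hidden -enc PLACEHOLDER\\1",
}

def read_runmru():
    """Read the current user's RunMRU values (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_PATH) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return {v[0]: v[1] for v in (winreg.EnumValue(key, i) for i in range(count))}

def flag_run_entries(entries):
    """Return (value_name, command, reasons) for each entry matching a heuristic."""
    findings = []
    for name, data in sorted(entries.items()):
        if name.lower() == "mrulist" or not isinstance(data, str):
            continue  # MRUList only records ordering
        command = data[:-2] if data.endswith("\\1") else data
        reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(command)]
        if len(command) > MAX_LEN:
            reasons.append("unusually_long")
        if reasons:
            findings.append((name, command, reasons))
    return findings

if __name__ == "__main__":
    try:
        entries = read_runmru() if sys.platform == "win32" else SAMPLE
    except OSError:
        entries = {}  # the key may be absent if the Run dialog was never used
    for name, command, reasons in flag_run_entries(entries):
        print(f"{name}: {command!r} -> {', '.join(reasons)}")
```

A flagged entry is a lead for investigation, not proof of infection.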

The bigger picture

This scam shows how threat actors are getting smarter about social engineering. They’re not just relying on users clicking random links anymore – they’re creating multi-step processes that feel official and logical. The combination of clipboard manipulation and familiar keyboard shortcuts creates a false sense of legitimacy. Honestly, how many of us would pause before using Windows+R, a shortcut we’ve used hundreds of times? That’s what makes this so dangerous – it feels like you’re just following normal computer procedures.
