Fake Error Messages Trick People Into Installing Harmful Software

A new attack campaign is fooling internet users by displaying fake error messages on compromised websites. When someone visits one of these hacked sites, they see what looks like a legitimate error screen telling them to fix a problem. The message tricks them into copying and pasting commands that actually install malware on their computer. Security researchers call this technique ClickFix, and the malware involved is named Lorem Ipsum. The attackers have been hacking WordPress websites to spread their trap. Anyone who visits a compromised website could see these fake error messages. The attackers target WordPress sites, which power millions of blogs, small business websites, and online stores. If you follow the instructions on the fake error screen, malware gets installed on your computer. This particular campaign may be connected to a criminal group called Vice Society, which is known for ransomware attacks and stealing data from victims.

Here is what you should do right now:

1. Never copy and paste commands into your computer based on instructions from a website, especially if a popup or error message suddenly appears.
2. If you see an unexpected error message telling you to run commands or fix a technical problem, close the browser window immediately.
3. Do not follow technical instructions from random websites. If you think something is wrong with your computer, contact a trusted tech support person directly.
4. Make sure your antivirus software is active and up to date. Run a full scan if you recently followed instructions from any suspicious website. Building good habits protects you from these evolving tricks. Legitimate websites and services will never ask you to paste commands into system prompts to fix errors. When something unexpected pops up on your screen, your instinct should be to close it and navigate away. Teach everyone in your household, especially kids and teens who browse independently, to be skeptical of any urgent messages demanding immediate action. Real technical problems rarely require you to run commands from a website.