Well-liked scholar engagement platform iClicker’s web site was compromised with a ClickFix assault. A pretend “I’m not a robotic” test tricked customers into putting in malware. Be taught who was affected and find out how to keep secure.
A well-liked digital classroom utilized in many universities, known as iClicker, was lately focused by hackers. This software, owned by Macmillan, helps academics observe attendance and ask college students questions in school. Hundreds of thousands of scholars and 1000’s of academics throughout the US, together with the College of Michigan and the College of Florida, use iClicker.
Based on the College of Michigan’s Secure Computing Staff’s advertvisory, between April twelfth and sixteenth, 2025, the iClicker web site was compromised, exhibiting a pretend CAPTCHA to the positioning’s guests, and asking them to click on “I’m not a robotic.”
When a Home windows consumer clicked on this pretend test, a hidden PowerShell command was copied to their gadget. They have been prompted to open a particular window on their laptop (by urgent the Home windows key and the letter ‘R’ on the identical time), paste this command (by urgent Ctrl and ‘V’), after which press Enter. Doing this may run the hidden command.
This trick, referred to as a ClickFix assault, is a technique to idiot folks into downloading malware. A Reddit consumer examined this command on Any.Run and located it could connect with a server on the web to obtain one other set of directions, relying on who was visiting the web site. If it was an actual particular person utilizing an everyday laptop, the directions would obtain malware, which may give the attacker full management over the gadget.
This malware was probably designed to steal private info, equivalent to usernames, passwords, bank card particulars, and even cryptocurrency pockets info saved on the pc.
In case the customer was a system utilized by safety specialists to investigate malware, the hidden command would as an alternative obtain a innocent program from Microsoft in order that the attackers may evade detection.
In its safety bulletin, iClicker confirmed that its predominant system and consumer info have been secure, explaining {that a} third occasion put a pretend safety test on their web site earlier than customers logged in.
As beforehand reported by Hackread.com, ClickFix has change into a rising concern within the cybersecurity world. In March 2024, we reported the growing use of ClickFix assaults by cybercrime teams like TA571 and ClearFake. Later, in October 2024, safety agency Sekoia noticed extra ClickFix assaults utilizing pretend Google Meet, Chrome, and Fb pages to unfold malware.
Lately, in April 2025, Hackread.com reported that government-backed hacking teams from international locations like North Korea, Iran, and Russia used this technique of their spying operations and even printed a detailed weblog submit on find out how to shield your self from ClickFix assaults.
iClicker advises anybody who visited their web site between April twelfth and sixteenth and clicked on the pretend safety test to right away change all of the passwords saved on their laptop, together with the iClicker password and use a password supervisor to maximise account safety. Individuals who solely used the iClicker cellular app or didn’t see the pretend safety test have been secure from this explicit assault.
Debbie Gordon, CEO and Founder at Cloud Vary commented on the event stating, “This incident exhibits how simply attackers can flip a easy consumer interplay, like clicking a CAPTCHA, right into a full compromise.”
“The actual query is: how rapidly can your workforce detect and include it? That’s the essence of incident response readiness. Simulation-based coaching offers defenders the muscle reminiscence they should spot behavioural purple flags, examine successfully, and coordinate containment actions in real-time earlier than small lapses change into main breaches.”
