Warning: Gizmodo serving up ClickFix malware capchas
Gizmodo's io9 section has been compromised, serving fake CAPTCHA prompts that deliver ClickFix malware to visitors, potentially leading to system infections or credential theft.
Background
- Gizmodo (including its io9 subdomain), a prominent US tech and science news site owned by Gizmodo Media Group (part of Ziff Davis), was compromised to serve "ClickFix" malware via fake CAPTCHA prompts.
- "ClickFix" is a social-engineering technique where fake CAPTCHAs or error messages trick users into copying and running a malicious PowerShell script that installs malware (e.g., infostealers, remote access trojans).
- This is part of a broader trend: cybercriminals increasingly compromise ad networks or directly inject malicious code into legitimate news sites to deliver malware, rather than relying on shady downloads.
- Readers who visited Gizmodo/io9 recently and encountered an unusual CAPTCHA prompt (often asking to press Win+R or copy-paste a command) may have been infected. No action is needed if you did not run the copied command.