Today was the deadline for Google to reveal how it’s complying with Judge James Donato’s order to crack open Android for third-party app stores, stop illegally tying its Google Play Billing system to its app store, and let developers link to ways to download their apps outside the Play Store in the US.
Technology
ClickFix malware tricks you into infecting your own Windows PC
ClickFix is a social engineering trick that hackers have been using more and more since early 2024 to spread malware.
It fools you into running malicious commands on your own computer, and the attack is now more common than ever. Hackers are getting people to install password-stealing malware by making them press a series of keyboard shortcuts, all under the pretense of proving they’re not bots.
Bots are automated computer programs that perform repetitive tasks online, often mimicking human behavior. By tricking you into proving they’re not bots, hackers exploit your lack of understanding about these automated systems to make you unwittingly install malware.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW
A person working on a laptop (Kurt “CyberGuy” Knutsson)
What you need to know
As reported by KrebsOnSecurity, the latest ClickFix campaign tricks you into installing password-stealing malware under the guise of a routine “Verify You Are a Human” test. Initially seen in targeted attacks, it has now gone mainstream, affecting industries like hospitality and healthcare.
The scam begins when you visit a hacked or malicious website and see a fake CAPTCHA-style prompt. Clicking the “I’m not a robot” button triggers a set of instructions asking you to press specific keyboard shortcuts. First, you are told to press Windows + R, which opens the Windows Run dialog. Then you are instructed to press CTRL + V, which pastes a malicious script copied from the website’s virtual clipboard. If you press enter, a script is executed that downloads and runs malware.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Cybercriminals are using phishing emails and malicious websites to spread ClickFix. The hospitality industry has been heavily targeted, with attackers impersonating Booking.com and sending fake emails referencing guest reviews or promotions. Clicking on links in these emails directs you to a ClickFix trap. Healthcare workers have also been targeted, with malicious code embedded into the widely used physical therapy site HEP2go.
Once ClickFix is on your PC, it installs various types of malware, including password stealers like XWorm, Lumma Stealer and DanaBot, which extract your login credentials and financial information. Some versions deliver remote access trojans like VenomRAT and AsyncRAT, giving attackers full control over your system. Others deploy NetSupport RAT, a remote access tool commonly misused for cyber espionage.
Executing this series of keypresses prompts Windows to download password-stealing malware. (KrebsOnSecurity)
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
Previous ClickFix attacks
Security researchers believe ClickFix has been targeting people since March 2024. I reported on the malware back in June 2024 when it posed as fake Google Chrome, Word and OneDrive errors to trick users into downloading harmful code. Just like in the current campaign, attackers prompted victims to click a button that copied a PowerShell “fix” to the clipboard, then paste and run it in a Run dialog or PowerShell prompt.
By November 2024, attackers had expanded their targets to Google Meet users. The scam started with an email containing a link to a Google Meet session, often disguised to appear as if it were from the victim’s organization. This link leads to an invite for a meeting, webinar or online collaboration. Clicking the link directed the victim to a fake Google Meet page, which displayed a warning claiming there was an issue with their PC, such as problems with their microphone, camera or headset.
The attack was also seen in fake Chrome error pages and Facebook login prompts, further spreading the malware across different platforms and increasing its reach.
This malware attack pretends to be a CAPTCHA intended to separate humans from bots. (KrebsOnSecurity)
OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY
6 ways you can stay safe from ClickFix malware
To protect yourself from the evolving threat of ClickFix malware, which continues to target users through sophisticated social engineering tactics, consider implementing these six essential security measures.
1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it’s likely a scam. Close the page immediately and avoid interacting with it.
2. Don’t click links from unverified emails and use strong antivirus software: Many ClickFix attacks start with phishing emails that impersonate trusted services like Booking.com or Google Meet. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company’s official website instead of clicking any links inside the email.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
4. Keep devices updated: Regularly updating your operating system, browser and security software ensures you have the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, so enabling automatic updates is a simple but effective way to stay protected.
5. Monitor your accounts for suspicious activity and change your passwords: If you’ve interacted with a suspicious website, phishing email or fake login page, check your online accounts for any unusual activity. Look for unexpected login attempts, unauthorized password resets or financial transactions that you don’t recognize. If anything seems off, change your passwords immediately and report the activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.
6. Invest in personal data removal service: Consider using a service that monitors your personal information and alerts you to potential breaches or unauthorized use of your data. These services can provide early warning signs of identity theft or other malicious activities resulting from ClickFix or similar attacks. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Kurt’s key takeaway
ClickFix is a reminder that malware doesn’t always rely on complex exploits. It often just needs you to follow the wrong instructions. Attackers are refining their methods, making scams like fake CAPTCHAs, phishing emails and deceptive pop-ups more convincing than ever. The best way to stay ahead is to question anything that seems even slightly off. If a website asks you to run commands or paste something into PowerShell, it’s a red flag. If an email pressures you into clicking a link, verify it first.
Do you think tech companies are doing enough to stop malware like ClickFix? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
But Google isn’t just letting app developers do things however and whenever they’d like. The company’s quietly updated its support pages with a January 28th deadline to enroll in specific Google programs for “alternative billing” and “external content links” — and these programs will come with large alternative fees of their own, assuming Judge Donato doesn’t opt for Epic and Google’s proposed settlement instead.
While it isn’t collecting fees yet, Google says it will charge developers $2.85 for every app and $3.65 for every game a user installs within 24 hours of clicking a link that takes you outside Google’s app store to download them outside the Google ecosystem.
Plus, it’ll take a 20 percent cut of any in-app purchases and 10 percent of any auto-renewing subscriptions. Apps still need to be submitted to Google for review, use a Google API to track them, and developers have to report all transactions (including $0 free trials) if they want to participate.
Meanwhile, developers who want to offer their own billing solutions will only get a 5 percent discount compared to Google’s current fees, likely making it not worth the effort to try alternative billing at all. Google will charge 25 percent for in-app purchases and 10 percent for auto-renewing subscriptions there; devs will need to integrate a Google API to track those, and report all transactions within 24 hours.
The company will cap some of these fees at 10 percent of a developer’s first $1 million of earnings, making it a bit easier for small developers, but perhaps no easier than it is currently. Google already offers a similar cap at 15 percent, so this too is a 5 percent discount.
How will Judge James Donato react? When Apple told Judge Yvonne Gonzalez Rogers it would require a 27 percent fee for external payments in the parallel Epic v. Apple case, she found Apple in contempt of court, and an appeals court backed up that decision just days ago. However, the appeals court did suggest that Apple may be able to collect some fee, writing that:
Apple should be able to charge a commission on linked-out purchases based on the costs that are genuinely and reasonably necessary for its coordination of external links for linked-out purchases, but no more.
Google currently claims that “the fees associated with the external content links program reflect the value provided by Android and Play and support our continued investments across Android and Play.”
But Google also says it won’t collect any fees quite yet, writing:
In the future, Google intends to apply a service fee on successful transactions and downloads completed via external content links. At this time, however, Google is not assessing these fees and is therefore not requiring developers in this program to report these transactions or downloads to Google.
In their joint progress report today, Epic and Google’s lawyers write that while Epic agrees with the January 28th deadline and other requirements, “Epic has indicated that it opposes the service fees that Google announced it may implement in the future and that Epic will challenge these fees if they come into effect.”
Of course, none of this will come to pass if Judge Donato accepts Google and Epic’s proposed settlement instead, which would generally apply worldwide (instead of just in the US) and comes with lower standard transaction fees.
But Google signaled that settlement, too, would come with fees on alternative billing and external app downloads, and Judge Donato seemed skeptical of the settlement in November. He’s ordered an evidentiary hearing on January 22nd before he makes a decision.
Since Google’s support pages seem to be fluid as Epic v. Google continues, we’ve archived copies of their current text below.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
As we head into the last stretch of December (and last-minute gift shopping), your doorstep is probably busier than ever. And if you’re anything like me, you’re probably also juggling shipping updates, tracking numbers, and “out for delivery” alerts from half a dozen retailers.
Unfortunately, scammers know this too, and they’ve likely been preparing for it all year. Like clockwork, I’ve already started seeing the usual wave of fake tracking texts hitting people’s phones. They look legit, they show up right when you’re expecting a package, and they rely on one inescapable truth: during the holiday rush, most of us are too overwhelmed to notice when something feels off.
No need to panic, though. You can still come out ahead of the scammers. I’ll show you what to look out for and how you can prevent being targeted in the first place.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
THE FAKE REFUND SCAM: WHY SCAMMERS LOVE HOLIDAY SHOPPERS
Holiday shoppers are being hit with a surge of fake delivery texts designed to steal personal information and account logins. (Photo by Sebastian Kahnert/picture alliance via Getty Images)
What fake delivery text messages look like
Most of these fake shipping texts include a “tracking link” that looks close enough to the real thing that you might tap without thinking twice about it. In some cases, like one Maryland woman found out, you may even receive fake deliveries with a QR code that works in a similar way.
These links usually lead to a spoofed tracking page that looks almost identical to the real thing. It’ll ask you to “confirm” your login or enter your delivery details. The moment you type anything in, scammers capture it and use it to access your real accounts.
Even worse, the “tracking link” may contain malware or spyware, triggering silent installs that can steal passwords, monitor keystrokes, or give scammers remote access to your device.
Red flags that reveal fake shipping and tracking messages
So how can you distinguish between a legitimate message for a delivery you’re actually waiting for and one of these scams? Here are the red flags I look for:
- Weird or slightly altered URLs. Scammers use domains that look almost right. Except there’s usually one extra letter, a swapped character, or a completely unfamiliar extension.
- Requests for additional payment. Real carriers don’t ask you to pay a “small fee” to release a package. That’s an instant giveaway.
- A package you’re not expecting. If the text is vague or you can’t match it to a recent order, pause before you tap anything.
- Delivery attempts at odd hours. “Missed delivery at 6:12 AM” or “late-night attempt” messages are usually fake. Carriers don’t normally operate like that.
- Updates that don’t match what you see in the retailer’s app or email. If Amazon says your package is arriving tomorrow, but a random text says it’s delayed or stuck, trust Amazon, not the text.
- Language that is designed to rush you. Anything screaming “immediate action required!” is designed to make you stop thinking and start tapping.
If a text triggers any one of these, I delete it on the spot. When in doubt, always check directly with the delivery service provider first before opening any links.
WHY YOUR HOLIDAY SHOPPING DATA NEEDS A CLEANUP NOW
Scammers are sending deceptive tracking links that mimic real carriers, hoping rushed shoppers won’t notice red flags. (Silas Stein/picture alliance via Getty Images)
How scammers know your address, phone number, and shopping habits
Scammers don’t magically know where you live or what you’ve ordered — they buy that information. There’s actually an entire industry of data brokers built on collecting and selling personal data. This can include your:
- Phone number
- Home address
- Purchase history
- Browsing patterns
- Retailers accounts and apps
- Loyalty programs
- Even preferred delivery times.
These data brokers can sell profiles containing hundreds of data points on you. And they aren’t always discerning about who they sell to. In fact, some of them have been caught intentionally selling data to scammers.
Once scammers have those details, creating a convincing delivery scam is no problem.
But scammers can’t target what they can’t find
I’ve been very vocal about the importance of keeping personal information under lock and key. And this is just one of the reasons why.
Criminals rely on your personal information to target you with these types of scams. They also need at least a phone number or email address to reach you in the first place.
So your best bet to avoid delivery scams (and, honestly, most other scams year-round) is removing your info from data brokers and people search sites. Doing this will keep your details out of circulation online and out of the wrong hands.
FBI WARNS EMAIL USERS AS HOLIDAY SCAMS SURGE
Fraudsters use spoofed shipping pages and malware to capture passwords and gain access to victims’ devices. (Martin Ollman/Getty Images)
How to remove your personal information from scammers’ reach
You can start by looking yourself up online. Searching for different combinations of your name, address, email, and phone number should bring up a bunch of people search sites. Just visit the “opt-out” page on each site to request removal of your data.
Private-database data brokers are a bit trickier. They sell data in bulk, usually to marketers and other third parties. So you won’t be able to check if they have your information. But if you look into which data brokers operate in your area, you can just send opt-out requests to them all. There’s a good chance they’ll have your information.
You can also turn to a data removal service. They completely remove the headache from this process and just automatically keep your personal info off data broker sites. If, like me, you don’t have the time to keep manually checking data broker sites and sending removal requests every few months (because your data will keep reappearing), a personal data removal service is the way to go.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Kurt’s key takeaways
Holiday delivery scams work because they blend perfectly into the chaos of December shopping. A well-timed text and a familiar tracking link are often all it takes to lower your guard. By slowing down, checking messages directly with retailers, and reducing how much of your personal data is circulating online, you can take away the advantage scammers rely on. A little caution now can save you a major headache later.
Have you received a suspicious delivery text or tracking message this holiday season? If so, tell us what it looked like and how you handled it by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
All year on The Vergecast, we’ve been tracking the many bizarre and problematic actions of FCC Chairman Brendan Carr. There has been a lot to discuss! Then, this week, ahead of one of our last episodes of the year, Carr appeared in front of the Senate Commerce Committee and spent three hours explaining how he thinks about his job, the FCC, and the state of online communication and entertainment. It was a lot.
On this episode of The Vergecast, we begin with a dissection of Carr’s testimony, his threats against broadcasters, and the ways in which he’s using old ideas about content delivery to get his political way. Nilay and David walk through some of Carr’s most important quotes, explain the history of broadband regulation, and look ahead to how Carr might bring these same tactics to internet regulation next year.
Also, an important housekeeping note: The Vergecast will be live at CES! We’ll be at the Brooklyn Bowl in Las Vegas, at 3:30PM on Wednesday, January 7th. There will be podcasting, and hanging out, and bowling. It’s going to be great, and if you’re going to be in Vegas we’d love to see you there.
Until then, if you want to know more about everything we discuss in this episode, here are some links to get you started, first on Brendan Carr:
And in the streaming wars:
And in the lightning round:
Maryland3 minutes ago
Maryland dentist to serve 10 years for pill-splitting scheme with assistant
Michigan9 minutes ago
Michigan Lottery Daily 3, Daily 4 results for Dec. 19, 2025
Massachusetts15 minutes ago
Massachusetts Removes LGBT Ideology Requirements for Foster-Care Parents
Minnesota20 minutes ago
Finland picks up where it left off in Minnesota, beats Germany
Mississippi27 minutes ago
Mississippi Lottery Mississippi Match 5, Cash 3 results for Dec. 19, 2025
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia1 year ago
99th annual Pony Swim held in Virginia
Education2 years ago
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Politics5 hours ago
Trump administration touts ‘most secure border in history’ as 2.5 million migrants exit US
World6 hours ago
How the reparations loan for Ukraine fell apart at the eleventh hour
News6 hours ago
Trump’s push to end transgender care for young people opposed by pediatricians
News16 hours ago
Takeaways from an eventful 2025 election cycle
Politics17 hours ago
Judge tosses Trump-linked lawsuit targeting Chief Justice Roberts, dealing setback to Trump allies
-
Iowa5 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Iowa7 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Maine4 days agoElementary-aged student killed in school bus crash in southern Maine
-
Maryland5 days agoFrigid temperatures to start the week in Maryland
-
Technology1 week agoThe Game Awards are losing their luster
-
South Dakota6 days agoNature: Snow in South Dakota
-
New Mexico3 days agoFamily clarifies why they believe missing New Mexico man is dead
-
Nebraska1 week agoNebraska lands commitment from DL Jayden Travers adding to early Top 5 recruiting class