Since early April 2025, attackers have been hijacking real websites — often ones built with WordPress — and tricking visitors with convincing fake pop-ups. These pop-ups look like normal security checks or browser updates, but are actually lures to install malware on your device.
The campaign, known as ClearFake, continues to evolve. The latest version uses a tactic called ClickFix, where users are urged to fix a fake technical issue by running a command. If they follow through, malware gets installed.
For more information about this and other recent scams and information security news, check out the Catch of the Week on TrojanSecure.