Iclicker Website Hacked With Fake Captcha In Clickfix Attack

Popular student engagement level iClicker’s website was compromised pinch a ClickFix attack. A clone “I’m not a robot” cheque tricked users into installing malware. Learn who was affected and really to enactment safe.

A celebrated integer schoolroom utilized successful galore universities, called iClicker, was precocious targeted by hackers. This tool, owned by Macmillan, helps teachers way attendance and inquire students questions successful class. Millions of students and thousands of teachers crossed nan US, including nan University of Michigan and nan University of Florida, usage iClicker.

According to nan University of Michigan’s Safe Computing Team’s advisory, betwixt April 12th and 16th, 2025, nan iClicker website was compromised, showing a clone CAPTCHA to nan site’s visitors, and asking them to click “I’m not a robot.”

Source: University of Michigan

When a Windows personification clicked connected this clone check, a hidden PowerShell bid was copied to their device. They were prompted to unfastened a typical model connected their machine (by pressing nan Windows cardinal and nan missive ‘R’ astatine nan aforesaid time), paste this bid (by pressing Ctrl and ‘V’), and past property Enter. Doing this would tally nan hidden command.

This trick, known arsenic a ClickFix attack, is simply a measurement to fool group into downloading malware.  A Reddit personification tested this bid connected Any.Run and recovered it would link to a server connected nan net to download different group of instructions, depending connected who was visiting nan website. If it was a existent personification utilizing a regular computer, nan instructions would download malware, which could springiness nan attacker complete power complete nan device.

 This malware was apt designed to bargain individual information, specified arsenic usernames, passwords, in installments paper details, and moreover cryptocurrency wallet accusation stored connected nan computer.

In lawsuit nan visitant was a strategy utilized by information experts to analyse malware, nan hidden bid would alternatively download a harmless programme from Microsoft truthful that nan attackers could evade detection.

In its information bulletin, iClicker confirmed that its main strategy and personification accusation were safe, explaining that a 3rd statement put a clone information cheque connected their website earlier users logged in.

As antecedently reported by Hackread.com, ClickFix has go a increasing interest successful nan cybersecurity world. In March 2024, we reported nan expanding usage of ClickFix attacks by cybercrime groups for illustration TA571 and ClearFake. Later, successful October 2024, information patient Sekoia observed more ClickFix attacks utilizing clone Google Meet, Chrome, and Facebook pages to dispersed malware.

Recently, successful April 2025, Hackread.com reported that government-backed hacking groups from countries for illustration North Korea, Iran, and Russia utilized this method successful their spying operations and moreover published a detailed blog post connected really to protect yourself from ClickFix attacks.

iClicker advises anyone who visited their website betwixt April 12th and 16th and clicked connected nan clone information cheque to instantly alteration each nan passwords saved connected their computer, including nan iClicker password and usage a password head to maximize relationship security. People who only utilized nan iClicker mobile app aliases did not spot nan clone information cheque were safe from this peculiar attack.

Debbie Gordon, CEO and Founder astatine Cloud Range commented connected nan improvement stating, “This incident shows really easy attackers tin move a elemental personification interaction, for illustration clicking a CAPTCHA, into a afloat compromise.”

“The existent mobility is: really quickly tin your squad observe and incorporate it? That’s nan principle of incident consequence readiness. Simulation-based training gives defenders nan musculus representation they request to spot behavioural reddish flags, analyse effectively, and coordinate containment actions successful real-time earlier mini lapses go awesome breaches.”