{"id":10507,"date":"2025-07-14T12:38:57","date_gmt":"2025-07-14T05:38:57","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10507"},"modified":"2026-02-05T12:39:04","modified_gmt":"2026-02-05T05:39:04","slug":"chieu-thuc-clickfix-giup-tin-tac-chiem-quyen-kiem-soat-may-tinh-chi-bang-mot-cu-dan-lenh","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/14\/chieu-thuc-clickfix-giup-tin-tac-chiem-quyen-kiem-soat-may-tinh-chi-bang-mot-cu-dan-lenh\/","title":{"rendered":"Chi\u00eau th\u1ee9c \u201cClickFix\u201d gi\u00fap tin t\u1eb7c chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t m\u00e1y t\u00ednh ch\u1ec9 b\u1eb1ng m\u1ed9t c\u00fa d\u00e1n l\u1ec7nh"},"content":{"rendered":"

ClickFix – th\u1ee7 \u0111o\u1ea1n l\u1eeba \u0111\u1ea3o d\u1ef1 ki\u1ebfn s\u1ebd b\u00f9ng n\u1ed5 trong c\u00e1c chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng m\u1ea1ng trong 2025. Kh\u00e1c v\u1edbi c\u00e1c h\u00ecnh th\u1ee9c t\u1ea5n c\u00f4ng truy\u1ec1n th\u1ed1ng qua email l\u1eeba \u0111\u1ea3o hay file \u0111\u00ednh k\u00e8m \u0111\u1ed9c h\u1ea1i, chi\u00eau th\u1ee9c n\u00e0y l\u1ee3i d\u1ee5ng t\u00e2m l\u00fd mu\u1ed1n “s\u1eeda nhanh l\u1ed7i m\u00e1y” \u0111\u1ec3 d\u1ee5 ng\u01b0\u1eddi d\u00f9ng t\u1ef1 tay ch\u1ea1y l\u1ec7nh \u0111\u1ed9c h\u1ea1i. <\/b><\/p>\n

\"1752477958423.png\"<\/a>\u200b<\/div>\n

ClickFix l\u00e0 m\u1ed9t chi\u00eau th\u1ee9c t\u1ea5n c\u00f4ng x\u00e3 h\u1ed9i (social engineering), trong \u0111\u00f3 k\u1ebb x\u1ea5u gi\u1ea3 danh k\u1ef9 thu\u1eadt vi\u00ean ho\u1eb7c c\u00e1c th\u01b0\u01a1ng hi\u1ec7u c\u00f4ng ngh\u1ec7 l\u1edbn nh\u01b0 DocuSign, Okta, cung c\u1ea5p \u201ch\u01b0\u1edbng d\u1eabn s\u1eeda l\u1ed7i\u201d cho c\u00e1c s\u1ef1 c\u1ed1 ph\u1ed5 bi\u1ebfn nh\u01b0 l\u1ed7i driver, pop-up phi\u1ec1n ph\u1ee9c hay l\u1ed7i \u0111\u0103ng nh\u1eadp. H\u1eadu qu\u1ea3 l\u00e0 tin t\u1eb7c c\u00f3 th\u1ec3 chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t m\u00e1y t\u00ednh, \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u, th\u1eadm ch\u00ed m\u1edf \u0111\u01b0\u1eddng cho t\u1ea5n c\u00f4ng ransomware.<\/p>\n

Nh\u01b0ng thay v\u00ec s\u1eeda l\u1ed7i th\u1eadt, h\u01b0\u1edbng d\u1eabn n\u00e0y y\u00eau c\u1ea7u ng\u01b0\u1eddi d\u00f9ng copy-d\u00e1n m\u1ed9t \u0111o\u1ea1n l\u1ec7nh (th\u01b0\u1eddng l\u00e0 PowerShell) v\u00e0o khung Run (Win+R) ho\u1eb7c c\u1eeda s\u1ed5 terminal (Win+X) tr\u00ean Windows. \u0110o\u1ea1n l\u1ec7nh n\u00e0y \u0111\u01b0\u1ee3c ch\u00e8n s\u1eb5n v\u00e0o clipboard (b\u1ed9 nh\u1edb t\u1ea1m) th\u00f4ng qua m\u00e3 JavaScript \u0111\u1ed9c h\u1ea1i t\u1eeb c\u00e1c trang web gi\u1ea3, qu\u1ea3ng c\u00e1o \u0111\u1ed9c h\u1ea1i, video h\u01b0\u1edbng d\u1eabn gi\u1ea3 m\u1ea1o ho\u1eb7c di\u1ec5n \u0111\u00e0n h\u1ed7 tr\u1ee3 k\u1ef9 thu\u1eadt \u201cr\u1edfm\u201d \u2013 m\u1ed9t k\u1ef9 thu\u1eadt c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 pastejacking.<\/p>\n

Nguy hi\u1ec3m n\u1eb1m \u1edf ch\u1ed7 kh\u00f4ng c\u00f3 file \u0111\u00ednh k\u00e8m \u0111\u1ed9c h\u1ea1i, kh\u00f4ng c\u00f3 link l\u1eeba \u0111\u1ea3o v\u00e0 ch\u00ednh ng\u01b0\u1eddi d\u00f9ng l\u00e0 ng\u01b0\u1eddi ch\u1ee7 \u0111\u1ed9ng ch\u1ea1y m\u00e3 \u0111\u1ed9c m\u00e0 kh\u00f4ng h\u1ec1 hay bi\u1ebft.<\/p>\n

Trong n\u0103m 2025, c\u00e1c nh\u00f3m t\u1ea5n c\u00f4ng \u0111\u00e3 k\u1ebft h\u1ee3p ClickFix v\u00e0o nhi\u1ec1u chi\u1ebfn d\u1ecbch ph\u00e1t t\u00e1n ph\u1ea7n m\u1ec1m gi\u00e1n \u0111i\u1ec7p v\u00e0 m\u00e3 \u0111\u1ed9c chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n t\u1eeb xa, bao g\u1ed3m:<\/p>\n