New York, March 18, 2025 –ClickFix malware compromises 100+ car dealership sites, using fake error prompts to hijack user systems and spread dangerous malware.
A devastating cyberattack has compromised over 100 car dealership websites in a supply chain breach linked to the ClickFix malware.
Hackers infiltrated LES Automotive, a third-party service provider, injecting malicious scripts into dealership sites, tricking visitors into executing harmful commands that could give hackers full control of their systems.
This is the second major attack on car dealerships in less than a year, raising serious concerns about automotive cybersecurity. Victims of this attack were shown fake error messages or reCAPTCHA prompts.
Once clicked, a malicious command was copied to their clipboard, instructing them to paste it into their Windows Run prompt, unknowingly handing control over to hackers. cybersecurity researcher Randy McEoin warns:
This is a sophisticated, multi-stage attack designed to exploit trust.
The malware, SectopRAT, allows hackers to spy on victims, steal credentials, and install further payloads, leaving businesses and customers at severe risk. Denis Sinegubko, a security expert at GoDaddy warns:
With supply chain breaches rising, even the most secure companies can be vulnerable if their partners are compromised.
ClickFix malware has previously targeted WordPress sites and the hospitality sector, proving that no industry is safe. Experts urge dealerships and customers to stay vigilant.
With ClickFix hijacking trusted sites, ExpressVPN encrypts your data, ensuring hackers can’t track, steal, or exploit your online activity.
Other News At VPNRanks
Stay Informed with VPNRanks
Hey, wait! Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!
