Summary: A new variant of the “ClickFix” social engineering tactic, dubbed “CrashFix,” has emerged. It uses a malicious Chrome extension that intentionally crashes the user’s browser via an infinite script loop. When the user reopens the browser, they are prompted to install a “Repair Tool” that is actually a sophisticated infostealer.
Business Impact: High risk of corporate credential theft. Unlike traditional phishing, this attack uses the “panic” of a browser failure to bypass user caution. It effectively targets remote workers who may not have immediate access to IT support.
Why It Happened: Attackers are exploiting the technical complexity of modern browsers. By creating a self-inflicted “technical problem,” they establish a false sense of authority for the malicious “fix.”
Recommended Executive Action: Enforce an “Extension Allow-list” policy in your enterprise browser management. Educate staff that IT will never prompt for “Repair Tools” via a web browser and to report any repeated browser crashes to the SOC immediately.
Hashtags: #ClickFix #CrashFix #ChromeSecurity #Infostealer #SocialEngineering #EndpointProtection