Even though video calling is not as common as it used to be, millions of people around the world, including myself, still use video calls when working remotely. As such, video calling remains a popular target for hackers, and new malware campaigns show how video calling can be the perfect lure for unsuspecting PC and Mac users.
As reported by BleepingComputer, a French cybersecurity firm has identified a new ClickFix campaign that uses fake Google Meet pages to trick people into infecting their PCs and Macs with malware.
This is not the first time I have warned about ClickFix; back in June, hackers used this social engineering tactic to target Google Chrome and Microsoft Word users through fake error messages. As you can see, this tactic is so effective that they started targeting Google Meet users. The urgency of having to join a video call on time is a great way to get people to drop their guard.
Here is everything you need to know about this latest ClickFix campaign, plus tips and tricks to protect your own PC or Mac from malware.
Like other malware campaigns, this one uses phishing emails to give the hackers behind it a foothold for taking control of their victims' computers.
These phishing emails are quite convincing because they look like actual Google Meet video call invitations. However, an examination of the URLs of these meeting links reveals that something is amiss. Here are some of the URLs used in this campaign:
If you are familiar with Google Meet and use it as often as I do, then you will know that “meet.google.com” is the correct URL and that there should be nothing between the word Google and the .com top-level domain.
Still, someone in a hurry or not very familiar with Google Meet might click on such a fake landing page. If they do, they will get a pop-up message warning them that they need to fix a technical problem, such as a microphone or headset issue.
Clicking the “Try Fix” button in the error message starts the ClickFix infection process, which pastes PowerShell code from the site into a Windows prompt and infects the computer with Stealc or Rhadamanthys malware. On a MacBook, the hackers behind this campaign instead drop the AMOS stealer as a .DMG file named “Launcher_v194”.
In a report on the matter, Sekoia researchers explain that in addition to Google Meet, they have also identified similar ClickFix campaigns that use Zoom, PDF readers, fake video games, Web3 browsers, and messenger applications as lures.
The most important thing to remember about these attacks is to be very careful when checking your inbox. Be on the lookout for emails from unknown senders or emails that seem urgent, such as those that make you click on a link or download an attachment.
From there, if you have not already done so, you should begin inspecting URLs. It is easy enough to examine the official website of a company or service and see what the page looks like. That way, you can tell if a link is suspicious before you actually click on it.
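The URL check described above (a genuine link's host is exactly meet.google.com, with nothing between "google" and ".com") can be automated for links pulled out of an invitation email. The following Python is an added example, not code from the article, Sekoia or Google; the function names are hypothetical and the sample links are constructed on reserved example domains.

```python
import re
from urllib.parse import urlsplit

# The only hostname the article treats as genuine for Google Meet links.
LEGIT_HOST = "meet.google.com"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample invitation text (not taken from the real campaign).
SAMPLE_EMAIL = """
Join the call: https://meet.google.com/abc-defg-hij
Backup link: https://meet.google.join.example/abc-defg-hij
Dial-in: https://meet.google.com@calls.example/room
Slides: https://meet.google.com.files.example/deck
Agenda: https://docs.example.org/agenda
"""

def link_host(url):
    """Return the hostname a browser would actually connect to."""
    # .hostname lowercases and drops any user@ prefix and port.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")  # a trailing dot names the same host

def classify(url):
    """Return 'genuine', 'lookalike' or 'unrelated' for one link."""
    parts = urlsplit(url)
    host = link_host(url)
    if host == LEGIT_HOST:
        return "genuine"
    # Brand words placed in the host, or in a user@ prefix that only
    # looks like the host, mark an imitation of the Meet address.
    decorated = f"{(parts.username or '').lower()} {host}"
    if "google" in decorated and "meet" in decorated:
        return "lookalike"
    return "unrelated"

def suspicious_links(text):
    """Return every link in the text that imitates a Google Meet URL."""
    return [u for u in URL_RE.findall(text) if classify(u) == "lookalike"]

if __name__ == "__main__":
    for url in URL_RE.findall(SAMPLE_EMAIL):
        print(f"{classify(url):10} {link_host(url):32} {url}")
```

The comparison is an exact match on the parsed hostname rather than a substring search, which is why the "meet.google.com@..." and "meet.google.com.files..." forms are flagged even though they contain the genuine name.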
When it comes to PC and Mac protection, you want to ensure that you use the best antivirus software for Windows computers and the best Mac antivirus software for Apple computers. Both platforms come with free built-in antivirus software, such as Windows Defender and XProtect, but paid antivirus software is more frequently updated and will protect you from the latest threats.
ClickFix is a social engineering trick that has had considerable success so far, and we have seen hackers launch multiple campaigns using it throughout this year. As such, this type of threat and attack technique is not going away anytime soon.