{"id":6907,"date":"2025-11-30T16:02:13","date_gmt":"2025-11-30T15:02:13","guid":{"rendered":"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/"},"modified":"2025-11-30T16:02:13","modified_gmt":"2025-11-30T15:02:13","slug":"lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice","status":"publish","type":"post","link":"https:\/\/viva.racunalniske-novice.com\/en\/fake-windows-update-steals-passwords-and-crypto-wallets\/","title":{"rendered":"Fake Windows update steals passwords and crypto wallets"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Cybercriminals have updated the notorious ClickFix malware to now pretend to be a legitimate Windows update, tricking users into pasting malicious code into the Run window. What makes this attack particularly clever is that it uses pixel data from a PNG file to trigger malicious code that steals usernames, passwords, crypto wallets, banking details, and other sensitive information.<br><br>Researchers at Huntress recently uncovered a new variant of ClickFix. It displays a fake full-screen browser window that mimics a Windows update, complete with a progress bar stuck at 95 percent for a supposed \u201ccritical security update.\u201d The malware is most commonly found on fake adult websites that mimic popular portals, often in the form of advertisements or age verification prompts. Clicking on such an element triggers the fake update window.<br><br>Users are then prompted to press Windows + R, paste the malicious code, unknowingly granting the cyber attackers access with administrative privileges. The command launches the mshta (Microsoft HTML Application Host) program with a malicious URL, which downloads additional code from the hexadecimal source. PowerShell scripts are then run, confusing security programs such as Bitdefender, and decrypting the PNG file, from which shell commands are extracted, which are injected into already running processes.<br><br>Although PNG appears harmless, its pixels contain encrypted malicious code. Once decrypted, infostealers such as Rhadamanthys or LummaC2 are triggered, collecting passwords, credentials, and crypto wallet data and sending them to foreign servers.<br><br>Huntress reports that this variant has been spreading since early October, with many domains still hosting the fake update window. The hackers further obscure the code with random lines or even strange quotes, including from a UN disarmament meeting.<br><br>ClickFix is one of the most sophisticated forms of data-stealing malware ever. Experts advise users to check domain URLs, avoid suspicious ads, and never enter unknown commands into their devices.<\/p>\n<div class=\"embed-container\"><iframe src=\"https:\/\/www.youtube.com\/embed\/bi9EknqFyJA\" frameborder=\"0\" allowfullscreen><\/iframe><\/div><br\/>","protected":false},"excerpt":{"rendered":"<p>Kibernetski kriminalci so posodobili zloglasni zlonamerni program ClickFix, ki se zdaj pretvarja, da je legitimna posodobitev sistema Windows. S tem uporabnike prelisi\u010dijo, da v okno \u00bbZa\u017eeni\u00ab prilepijo zlonamerno kodo. Posebna premetenost tega napada je v tem, da uporablja podatke slikovnih pik iz datoteke PNG za spro\u017eitev zlonamerne kode, ki kradejo uporabni\u0161ka imena, gesla, kripto denarnice, [&hellip;]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[68],"tags":[136],"class_list":["post-6907","post","type-post","status-publish","format-standard","hentry","category-operacijski-sistemi","tag-windows-operacijski-sistem"],"acf":{"subtitle":"Nova razli\u010dica zlonamernega programa ClickFix se predstavlja kot legitimna posodobitev sistema Windows. S pomo\u010djo skrite kode v PNG datotekah napadalci kradejo gesla, kripto denarnice in druge ob\u010dutljive podatke. Raziskovalci opozarjajo na nevarnost la\u017enih spletnih strani in pozivajo k ve\u010dji previdnosti.","heading":"","summary":"Nova razli\u010dica zlonamernega programa ClickFix se predstavlja kot legitimna posodobitev sistema Windows. S pomo\u010djo skrite kode v PNG datotekah napadalci kradejo gesla, kripto denarnice in druge ob\u010dutljive podatke. Raziskovalci opozarjajo na nevarnost la\u017enih spletnih strani in pozivajo k ve\u010dji previdn","thumbnail_small":"https:\/\/racunalniske-novice.com\/wp-content\/uploads\/2025\/07\/Windows-11-finally-overtakes-Windows-10-as-worlds-top-desktop-OS-560x315.jpg","thumbnail_large":"https:\/\/racunalniske-novice.com\/wp-content\/uploads\/2025\/07\/Windows-11-finally-overtakes-Windows-10-as-worlds-top-desktop-OS.jpg","thumbnail_caption":"Foto: Lenovo","gallery":"","video_gallery":[{"youtube_url":"https:\/\/www.youtube.com\/watch?v=bi9EknqFyJA"}],"author":"","links":[{"title":"ClickFix","url":""}],"sources":null,"skip_language":[]},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice<\/title>\n<meta name=\"description\" content=\"Nova razli\u010dica zlonamernega programa ClickFix se predstavlja kot legitimna posodobitev sistema Windows. S pomo\u010djo skrite kode v PNG datotekah napadalci kradejo gesla, kripto denarnice in druge ob\u010dutlj\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/posts\/6907\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice\" \/>\n<meta property=\"og:description\" content=\"Kibernetski kriminalci so posodobili zloglasni zlonamerni program ClickFix, ki se zdaj pretvarja, da je legitimna posodobitev sistema Windows. S tem uporabnike prelisi\u010dijo, da v okno \u00bbZa\u017eeni\u00ab prilepijo zlonamerno kodo. Posebna premetenost tega napada je v tem, da uporablja podatke slikovnih pik iz datoteke PNG za spro\u017eitev zlonamerne kode, ki kradejo uporabni\u0161ka imena, gesla, kripto denarnice, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/viva.racunalniske-novice.com\/en\/fake-windows-update-steals-passwords-and-crypto-wallets\/\" \/>\n<meta property=\"og:site_name\" content=\"Ra\u010dunalni\u0161ke novice\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-30T15:02:13+00:00\" \/>\n<meta name=\"author\" content=\"sinusiks\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"sinusiks\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/\",\"url\":\"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/\",\"name\":\"La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice\",\"isPartOf\":{\"@id\":\"https:\/\/viva.racunalniske-novice.com\/en\/#website\"},\"datePublished\":\"2025-11-30T15:02:13+00:00\",\"dateModified\":\"2025-11-30T15:02:13+00:00\",\"author\":{\"@id\":\"https:\/\/viva.racunalniske-novice.com\/en\/#\/schema\/person\/afb62e36efa34516d50249517e4cdbb4\"},\"breadcrumb\":{\"@id\":\"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/viva.racunalniske-novice.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"La\u017ena Windows posodobitev krade gesla in kripto denarnice\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/viva.racunalniske-novice.com\/en\/#website\",\"url\":\"https:\/\/viva.racunalniske-novice.com\/en\/\",\"name\":\"Ra\u010dunalni\u0161ke novice\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/viva.racunalniske-novice.com\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/viva.racunalniske-novice.com\/en\/#\/schema\/person\/afb62e36efa34516d50249517e4cdbb4\",\"name\":\"sinusiks\",\"sameAs\":[\"https:\/\/ml.racunalniske-novice.com\"],\"url\":\"https:\/\/viva.racunalniske-novice.com\/en\/author\/sinusiks\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice","description":"Nova razli\u010dica zlonamernega programa ClickFix se predstavlja kot legitimna posodobitev sistema Windows. S pomo\u010djo skrite kode v PNG datotekah napadalci kradejo gesla, kripto denarnice in druge ob\u010dutlj","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/posts\/6907","og_locale":"en_US","og_type":"article","og_title":"La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice","og_description":"Kibernetski kriminalci so posodobili zloglasni zlonamerni program ClickFix, ki se zdaj pretvarja, da je legitimna posodobitev sistema Windows. S tem uporabnike prelisi\u010dijo, da v okno \u00bbZa\u017eeni\u00ab prilepijo zlonamerno kodo. Posebna premetenost tega napada je v tem, da uporablja podatke slikovnih pik iz datoteke PNG za spro\u017eitev zlonamerne kode, ki kradejo uporabni\u0161ka imena, gesla, kripto denarnice, [&hellip;]","og_url":"https:\/\/viva.racunalniske-novice.com\/en\/fake-windows-update-steals-passwords-and-crypto-wallets\/","og_site_name":"Ra\u010dunalni\u0161ke novice","article_published_time":"2025-11-30T15:02:13+00:00","author":"sinusiks","twitter_card":"summary_large_image","twitter_misc":{"Written by":"sinusiks","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/","url":"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/","name":"La\u017ena Windows posodobitev krade gesla in kripto denarnice - Ra\u010dunalni\u0161ke novice","isPartOf":{"@id":"https:\/\/viva.racunalniske-novice.com\/en\/#website"},"datePublished":"2025-11-30T15:02:13+00:00","dateModified":"2025-11-30T15:02:13+00:00","author":{"@id":"https:\/\/viva.racunalniske-novice.com\/en\/#\/schema\/person\/afb62e36efa34516d50249517e4cdbb4"},"breadcrumb":{"@id":"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/viva.racunalniske-novice.com\/lazna-windows-posodobitev-krade-gesla-in-kripto-denarnice\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/viva.racunalniske-novice.com\/en\/"},{"@type":"ListItem","position":2,"name":"La\u017ena Windows posodobitev krade gesla in kripto denarnice"}]},{"@type":"WebSite","@id":"https:\/\/viva.racunalniske-novice.com\/en\/#website","url":"https:\/\/viva.racunalniske-novice.com\/en\/","name":"Ra\u010dunalni\u0161ke novice","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/viva.racunalniske-novice.com\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/viva.racunalniske-novice.com\/en\/#\/schema\/person\/afb62e36efa34516d50249517e4cdbb4","name":"sinusiks","sameAs":["https:\/\/ml.racunalniske-novice.com"],"url":"https:\/\/viva.racunalniske-novice.com\/en\/author\/sinusiks\/"}]}},"_links":{"self":[{"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/posts\/6907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/comments?post=6907"}],"version-history":[{"count":0,"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/posts\/6907\/revisions"}],"wp:attachment":[{"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/media?parent=6907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/categories?post=6907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/viva.racunalniske-novice.com\/en\/wp-json\/wp\/v2\/tags?post=6907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}