TOKYO, Oct 04 (News On Japan) - A new form of cyberattack is rapidly spreading by exploiting the familiar pop-up that asks users to confirm they are not robots. Known as "Clickfix," the attack was first detected in 2024 and has been expanding quickly through 2025, prompting police in Tokyo and Aichi Prefecture to issue warnings.
The method works by displaying a fake "I am not a robot" verification screen. If users follow the on-screen instructions, they are tricked into carrying out three key commands that immediately trigger infection: pressing the Windows key plus R, pressing CTRL plus V, and finally pressing Enter.
"At the moment the Enter key is pressed, the malware is instantly downloaded," explained Takashi Yoshikawa of Mitsui Bussan Secure Directions. "What makes this particularly dangerous is that there is no visible sign of infection on the screen, so many victims never realize they have been deceived." Once infected, personal and sensitive data on the computer may be stolen.
Interviews with the public revealed a lack of awareness about such risks. A woman in her 20s said she had always thought entering personal information was the bigger danger, not the authentication process itself. "If it just asked me to press Enter, I might do it without thinking," she said.
Experts warn that the fake verification screens mimic legitimate security checks. Professor Takao Okubo of the Institute of Information Security explained that genuine "I am not a robot" systems often monitor cursor movements to distinguish between human and machine actions. In the past, distorted-character tests were common, but as artificial intelligence has learned to read them, such methods are declining.
As online security evolves, verification systems are changing to keep ahead of automation and fraud. Authorities urge the public to be alert: if a supposed robot check asks for unusual key commands, it is likely a scam designed to infect computers instantly.
Source: TBS
