Editing Selfie Photos Can Drain Your Bank Account: Beware of New Scam Method
Jakarta - For those who enjoy taking selfies and editing them, beware of cybercrime threats. A study has revealed a new method in photo editing that ends up draining victims’ bank accounts.
Cybersecurity experts at Huntress have uncovered websites that use the ClickFix modus operandi while offering to remove backgrounds from selfie photos.
To reach many people through search engines, these websites employ SEO manipulation to stay at the top of search results.
According to TechRadar, this modus operandi begins by asking potential victims to verify that they are human after uploading the photo to the service. The photo is not processed, uploaded, or shared.
The verification is carried out by opening the Windows Run programme and then pasting in a command from the clipboard.
This method actually causes the victim to run malware themselves. The device becomes infected with CastleLoader, which delivers additional payloads, including second-stage malware such as NetSupport RAT and CastleStealer.
The first of these is a trojan used for remote attacks on the infected system. Meanwhile, CastleStealer is used to steal browser credentials, crypto wallet data, Discord tokens, and Telegram session files.
To address this issue, ensure that the services used are legitimate, because no legitimate service asks users to verify that they are not bots by performing actions on their device.
Additionally, administrators can disable the Win + R shortcut for Run. This can reduce the chance of victims running the malicious code.
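
Commands launched from the Run dialog are recorded in the current user's RunMRU registry key, so administrators can also check whether someone has already followed such a "verification" prompt. The following is an added example, not code from Huntress or from this article; the keyword lists are generic heuristics chosen for illustration and the sample values are constructed.

```python
import re

# Interpreters and download tools that rarely belong in a hand-typed Run entry.
# Generic heuristic list chosen for this example, not taken from the report.
SUSPECT = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|curl|certutil|msiexec|rundll32|regsvr32|wscript|cscript)(\.exe)?\b",
    re.IGNORECASE)
# Fake-verification wording that such lures often leave in the pasted text.
LURE = re.compile(r"(not a robot|captcha|verif)", re.IGNORECASE)

def triage_runmru(values):
    """Return (name, command, reasons) for RunMRU entries worth reviewing.

    `values` maps value names ('a', 'b', ..., 'MRUList') to their strings.
    """
    findings = []
    for name, data in sorted(values.items()):
        if name == "MRUList":  # ordering string, not a command
            continue
        # Stored commands carry a trailing "\1" marker; strip it.
        command = data[:-2] if data.endswith("\\1") else data
        reasons = []
        if SUSPECT.search(command):
            reasons.append("interpreter-or-downloader")
        if LURE.search(command):
            reasons.append("verification-lure-text")
        if len(command) > 120:
            reasons.append("unusually-long")
        if reasons:
            findings.append((name, command, reasons))
    return findings

def read_runmru_live():
    """Read the current user's RunMRU values (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            out[name] = data
    return out

# Constructed, defanged sample values; not taken from the reported campaign.
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -w hidden -c <placeholder> # I am not a robot - ID 0000\\1",
}
```

On a Windows host, `triage_runmru(read_runmru_live())` applies the same check to the logged-in user's real Run history; a hit is a reason to investigate, not proof of infection.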