Fake CAPTCHA on iClicker Site Used to Spread Malware in Social Engineering Attack

The iClicker website, widely used by colleges across the U.S., was compromised in mid-April 2025 in a ClickFix-style attack that used a deceptive CAPTCHA to trick users into executing a PowerShell script.

Once users followed the instructions to paste and run the script, their devices could silently download a second script from a remote server. In some cases, that second script installed malware giving attackers full access to the system.

While the malware's exact nature varied depending on the visitor, past incidents suggest it likely included infostealers capable of harvesting credentials, browsing data, and even cryptocurrency wallets.

The attack was especially dangerous to students and faculty, as their access could be used to infiltrate wider university networks.

Though the malicious script no longer runs on the site, iClicker acknowledged the breach in a hard-to-find bulletin and emphasized that core systems and data weren’t impacted.

Users who interacted with the fake CAPTCHA are advised to run security scans, change passwords, and adopt a password manager for added protection.
