
Malware Disguised as CAPTCHA Targets iClicker Users

Company confirms core platform and user data were unaffected.

A widely used student engagement platform was compromised in a social engineering scheme known as a ClickFix attack.

According to a security alert from the University of Michigan's Safe Computing team, iClicker’s website was compromised between April 12th and 16th, when visitors to the site were shown a fake CAPTCHA prompt that tricked them into copying and executing a malicious PowerShell script, leading to potential malware installation.

The attack impacted users who followed these instructions on Windows devices, granting threat actors full access to compromised systems.

The malicious script was designed to behave differently depending on the visitor. Non-targeted users, such as automated malware analysis systems, received a legitimate Microsoft component. In contrast, targeted users received a script that likely deployed an infostealer capable of extracting browser data, saved credentials, financial information, and cryptocurrency wallet contents.

iClicker later published a security bulletin confirming that the core platform and user data were unaffected.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
