2026-01-19 12:36:42

A malicious Chrome ad blocker variant is actively circulating. Security researchers at Huntress have identified it as CrashFix—an upgraded version of the ClickFix exploit that deliberately crashes your browser, then prompts you to execute attacker commands during the recovery process.

The campaign is reportedly distributed through KongTuke, a traffic routing system frequently used to chain multiple attacks together. Here's the attack sequence: users install what appears to be a legitimate ad blocker, the malware triggers a browser crash, and in the panic of trying to fix it, users unknowingly run malicious scripts.

The implications are serious for crypto holders—compromised browsers can steal wallet credentials, private keys, and seed phrases. If you're using browser-based wallets or interacting with Web3 dApps, this kind of threat directly puts your funds at risk.

To stay safe: stick to official browser extensions from verified sources, be skeptical of unsolicited "fix" prompts after crashes, and always verify extension publishers before installation. Consider using hardware wallets for large holdings as an additional layer of protection.

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

8 Likes

Reward
8
5
Repost
Share

Comment

0/400

SchrodingerWallet

· 6h ago

Oh my god, there's a new scam again. This time they don't even spare ad blockers, it's really outrageous. Oh my, these days even fixing a browser can lead to phishing. No wonder I only trust hardware wallets. CrashFix's operation is truly outrageous... When the browser crashes, my mind crashes too, haha. I'm too lazy to bother installing things. Large assets are safer in cold wallets. Another reason not to install browser plugins—too dangerous.

View OriginalReply0

YieldWhisperer

· 6h ago

ngl this CrashFix thing is just ClickFix with better social engineering... actually the attack vector hasn't fundamentally changed since 2021. panic-driven execution is peak user vulnerability, saw this exact pattern with the MetaMask impersonators back then

Reply0

ChainProspector

· 6h ago

Damn, another phishing plugin? Bro, I almost fell for it last time. Luckily, I didn't install that crappy thing.

View OriginalReply0

ser_we_are_early

· 6h ago

Here comes another deceptive fake extension, this time directly crashing the browser, truly unbelievable --- CrashFix's move is quite aggressive, a browser crash is a real trap --- I was wondering why so many wallets were emptied, turns out this thing is causing trouble --- Oh my goodness, never install any ad blocker randomly, the risks are really frightening --- Hardware wallets are truly secure, I won't fall for the traps of browser extensions anymore --- Press confirm in panic mode, and this deal is done, this move is too ruthless --- KongTuke's chain attack method is indeed a top-tier black operation in the industry --- Exposing the private key = game over, a reminder again to use a cold wallet if needed

View OriginalReply0

SerNgmi

· 6h ago

Damn, it's the same old trick again—browser crashes and then prompts you to click on a repair script. Truly clever.

View OriginalReply0