Malicious ClickFix code was found on the websites of over 100 car dealerships. A malicious actor infected LES Automotive, which is a shared video service unique to car dealerships. The supply chain attack then impacted the car dealerships through the third-party domain. In ClickFix attacks, a prompt is displayed to the user asking them to fix an error or perform a reCAPTCHA challenge, and malicious code is then executed. ClickFix is often used to spread malware and information stealers. 

Read more: https://www.securityweek.com/100-car-dealerships-hit-by-supply-chain-attack/