Security researchers have identified a new strain of malware dubbed "Goofy Clicker" that has been rapidly spreading through MSP networks across Texas since early Monday morning. Unlike previous peripheral-targeting malware, this variant affects ALL mouse types - both wired and wireless devices - by compromising the core Windows HID (Human Interface Device) subsystem.
According to initial reports from the Texas Cybersecurity Consortium, at least 47 MSPs in the Houston, Dallas, and Austin metropolitan areas have reported infections. What makes this malware particularly concerning is its ability to affect traditional wired mice that were previously considered immune to such attacks.
Reported Symptoms Include:
- Random clicking events occurring every 3-7 minutes
- Cursor spontaneously jumping to random screen coordinates
- Double-clicks registering as single clicks (and vice versa)
- Mouse sensitivity fluctuating between extremely slow and hypersensitive
- Occasional "phantom scrolling" in web browsers and documents
- Right-click context menus appearing without user input
"We first noticed something was wrong when multiple technicians started complaining about their mice 'acting possessed,' and this was happening to both our wireless AND wired setups. That's when we knew this wasn't just a typical driver issue - this thing was hitting everything."
The malware appears to infiltrate systems through compromised Windows updates that target the core Human Interface Device (HID) subsystem. Once installed, it affects all connected pointing devices regardless of connection type - USB wired mice, wireless receivers, and even trackpads on laptops have shown symptoms.
Dr. Jennifer Walsh, a malware researcher at UT Austin's Cybersecurity Lab, explains the attack vector: "What makes 'Goofy Clicker' so dangerous is that it operates at the Windows kernel level, intercepting mouse input signals before they reach applications. Wired mice users who thought they were safe are finding out that's no longer the case."
1. Unplug and reconnect ALL mouse devices (wired and wireless)
2. Restart the Windows HID service (services.msc → Human Interface Device Access)
3. Run full system scans during off-hours
4. Monitor for unusual mouse behavior on ALL device types
5. Contact your security vendor for the latest detection signatures
The malware's naming convention appears to be a reference to its seemingly random and "goofy" clicking patterns, which initially led many IT professionals to dismiss the symptoms as hardware failures rather than a coordinated attack.
Major antivirus vendors including Symantec, McAfee, and CrowdStrike have issued emergency signature updates to detect and remove the malware. Microsoft has also released an out-of-band security update addressing the driver vulnerabilities being exploited.
As investigations continue, cybersecurity experts are advising all MSPs to remain vigilant and implement additional monitoring for unusual peripheral device behavior. The full scope of the attack is still being assessed, with new reports coming in hourly.
The Texas Department of Information Resources has issued a statewide advisory recommending that all organizations verify the integrity of their HID drivers and implement enhanced monitoring for anomalous mouse behavior across their networks.