Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK: Man charged after cyber attack saw terror messages displayed at train stations

    April 1, 2025

    A man has been charged after a cyber attack saw terror messages displayed across screens at Scotland’s busiest train stations. British Transport Police received multiple reports of a cyber security incident affecting Network Rail Wi-Fi services, provided by a third party, that displayed imagery “intended to incite religious hatred” on September 25, 2024. Network Rail said ...

  • GCHQ worker admits taking top secret data home

    March 31, 2025

    A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing ...

  • The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

    March 31, 2025

    The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The first sighting of its activity was in the second quarter of 2023; back then, it was ...

  • Oracle grapples with dual data breaches

    March 31, 2025

    Oracle is dealing with the fallout of a double data breach — one exposing patient data at US hospitals, and another raising concerns about its cloud security. Reports over the weekend suggest a breach at Oracle Health, formerly known as Cerner, has impacted multiple US healthcare organisations and hospitals. Threat actors are believed to have stolen ...

  • A Deep Dive into Water Gamayun’s Arsenal and Infrastructure

    March 28, 2025

    Water Gamayun, a suspected Russian threat actor also known as EncryptHub and Larva-208, has been exploiting the MSC EvilTwin (CVE-2025-26633), a zero-day vulnerability that was patched on March 11. In the first installment of this two-part series, Trend Research discussed in depth its discovery of an Water Gamayun campaign exploiting this vulnerability. In this blog entry, ...

  • Again and again, NSO Group’s customers keep getting their spyware operations caught

    March 28, 2025

    On Thursday, Amnesty International published a new report detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group’s spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link — basically a phishing attack, according to the nonprofit. In one case, Amnesty ...