Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • FBI: Cyber Criminal Group TeamPCP

    July 2, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive ...

  • Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

    July 2, 2026

    Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics. The researchers at the University of Toronto’s digital rights unit The Citizen ...

  • Hackers breached DHS information-sharing network

    June 30, 2026

    A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...

  • Apple releases security patches for iOS, MacOS Tahoe, Safari

    June 30, 2026

    Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari ...

  • ToddyCat: your hidden email assistant. Part 2

    June 30, 2026

    Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting ...

  • Japan: Over 14 million login credentials leaked from six ISPs in major data breach

    June 29, 2026

    A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked ...