Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • A patched Windows attack surface is still exploitable

    March 14, 2024

    On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is ...

  • Businesses leaving their Kubernetes containers exposed to ransomware

    March 14, 2024

    As businesses look for faster and more flexible development frameworks, the use of containers and Kubernetes (K8s) continues to rise. While Kubernetes theoretically has several security advantages compared to traditional applications, it remains one of the top concerns for organizations on their cloud-native journey. This concern is fairly valid it seems. A recent report found that ...

  • What’s in your notepad? Infected text editors target Chinese users

    March 13, 2024

    “Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, Kaspersky experts discussed a malvertising campaign that ...

  • CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

    March 13, 2024

    The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake software installers. During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led ...

  • Roku Discloses Data Breach, 15,000 Accounts Compromised

    March 13, 2024

    The streaming platform Roku has suffered a data breach, with more than 15,000 accounts compromised. The company – which has more than 80 million active accounts – revealed the breach in filings with the state attorney generals of Maine and California on Friday. The filings indicate that 15,363 accounts were compromised between Dec. 28, 2023, and ...

  • Chinese security authority warns of espionage traps in online dating and job hunting

    March 13, 2024

    Are they your like-minded “online friends”? Intimate “lovers”? Caring “friends”? Helpful “good Samaritans”? Or perhaps, these are all just sweet “traps” set by espionage forces, Chinese Ministry of State Security warned the public in its latest article published on Wednesday. The ministry listed several cases adapted from real life incidents with characters using pseudonyms in the ...