Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New Multi-Stage StopCrypt Ransomware

    March 12, 2024

    The SonicWall Capture Labs threat research team recently observed a new variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. Infection Cycle At the start of execution, it creates a string of msim32.dll on the stack, and, using LoadLibrary, loads ...

  • Is Cybersecurity The Achilles’ Heel Of The Electric Vehicle Revolution?

    March 12, 2024

    The electric vehicle (EV) sector, though nascent and in its formative years, faces numerous challenges. Recent concerns, such as “range anxiety” (a vehicle battery’s charge and ability to complete a planned journey) among consumers and incidents of vehicles losing power in cold temperatures, have contributed to a slowdown in adoption. While the trajectory of electric vehicle ...

  • Acer Philippines reports data breach in third-party vendor system

    March 12, 2024

    Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The company emphasized that this incident does not involve Acer Philippines customer databases. Customer data remains secure, ...

  • Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption

    March 12, 2024

    Ransomware activity remains on an upward trend despite the number of attacks claimed by ransomware actors decreasing by slightly more than 20% in the fourth quarter of 2023. Attackers have continually refined their tactics and proven quick to respond to disruption, finding new ways to infect victims. Analysis of data from ransomware leak sites shows that ...

  • Mysterious Werewolf hits defense industry with new RingSpy backdoor

    March 12, 2024

    The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote access backdoor The BI.ZONE Threat Intelligence team has detected a new campaign by Mysterious Werewolf, a cluster that has been active since at least 2023. This time, the adversaries are targeting defense enterprises. To achieve their goals, ...

  • VCURMS: A Simple and Functional Weapon

    March 12, 2024

    Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. The attacker attempts ...