Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Insurance giant Fidelity hit by data breach

    March 6, 2024

    Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023. The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after ...

  • Wyze reports a new data breach

    March 6, 2024

    Security cameras have become very popular for people to plug into their home network, hoping this with deter burglars (or should a robbery happen, that some footage of the event will be captured). Yet how secure is the digital image data? Recently, Wyze users encountered a camera breach with the cybersecurity incident impacting some 13,000 users. ...

  • Ontario: City of Hamilton confirms ransomware is behind cyber attack

    March 5, 2024

    Ransomware is behind the cyber attack on the city of Hamilton, Ont., the municipality’s city manager says. Marnie Cluckie told reporters Monday afternoon that the attack, which was detected the evening of Sunday, Feb. 25, was the result of ransomware. She wouldn’t say what strain of the malware the city has been hit with, how long ...

  • Hacker forum post claims UnitedHealth paid $22 mln ransom in bid to recover data

    March 5, 2024

    A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group opens new tab paid $22 million in a bid to recover access to data and systems encrypted by the “Blackcat” ransomware gang, according to two researchers. Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing ...

  • Network tunneling with… QEMU?

    March 5, 2024

    While investigating an incident at a large company a few months ago, kaspersky researchers detected uncommon malicious activity inside one of the systems. They ran an analysis on the artifacts, only to find that the adversary had deployed and launched the following: The Angry IP Scanner network scanning utility The mimikatz password, hash, and Kerberos ticket extractor, and ...

  • US airman pleads guilty to leaking classified documents

    March 5, 2024

    Jack Teixeira, a member of the Massachusetts Air National Guard charged with leaking classified military documents on a social media platform, pleaded guilty on Monday to carrying out one of the most serious U.S. national security breaches in years. The 22-year-old pleaded guilty to six counts of willful retention and transmission of classified information relating to ...