ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.
A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.
We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Prudential reveals it was hit by data breach
February 14, 2024
Hackers were able to break into one of the largest life insurance companies in the United States and stole sensitive employee and contractor data. Prudential Financial has filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) detailing the attack, according to a report. As per the filing, unnamed threat actors accessed the networks ...
- TicTacToe Dropper
February 14, 2024
While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Malware droppers are malicious software designed to deliver and execute additional malware on a victim system and are employed to obfuscate final payloads during load and initial execution. Droppers within this ...
- Bank Of America Warns Customers Of Data Breach Following 2023 Hack
February 13, 2024
A November 2023 breach at IT consulting and service provider Infosys McCamish Systems has now been confirmed to have led to a data breach impacting Bank of America customers. The number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, ...
- CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
February 13, 2024
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. ...
- Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
February 12, 2024
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it. Proofpoint researchers detected ...
- UK: Contact details and national security numbers could have been stolen from Southern Water customers following cyber attack
February 12, 2024
The announcement, which went live on Southern Water’s website earlier today (February 12), confirms that ‘a limited part’ of the company’s server estate is at risk following an illegal intrusion earlier this year. Apologising for the breach, a spokesperson confirmed that the company is working with “expert technical advisers to confirm who is at risk,” and ...

