Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Israel’s Cyber Directorate warns of phishing attack by Iran-based hacking squad

    December 26, 2023

    Israel’s National Cyber Directorate issued a statement Tuesday warning of a phishing attack by Iranian hackers. Posing as American network security conglomerate F5, Iranian hackers sent an email to IT officials in multiple Israeli companies with instructions to download what seems like an update, but is actually malware, said the directorate. Working with an unnamed commercial ...

  • Motorists data stolen as RingGo parking app-owner hit by cyber attack

    December 26, 2023

    Hackers have stolen data including partial credit card numbers from parking apps used by millions of motorists. EasyPark, which owns RingGo and ParkMobile, said the details of at least 950 customers in the UK had been stolen by hackers, including names, phone numbers, addresses, email addresses and parts of credit card numbers. Read more… Source: MSN News  

  • Hackers stole $2 billion in crypto in 2023, data shows

    December 26, 2023

    For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers stole around $2 billion dollars in crypto across dozens of cyberattacks and thefts, according to De.FI, the web3 security firm that runs the REKT database. The ...

  • Estonia: At least one case of extortion reported following Asper Biogene data leak

    December 25, 2023

    Investigations into the Asper Biogene data leak that came to light last week are ongoing, and there is already at least one known case of an attempt to extort money from an individual in connection with the data leak. When the data theft case came to light, police warned that the situation could be exploited by ...

  • The rising threat of phishing attacks with Crypto Drainers

    December 22, 2023

    A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks. These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks ...

  • Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors

    December 22, 2023

    At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...