Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Gang says ICBC paid ransom over hack that disrupted US Treasury market

    November 14, 2023

    China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on ...

  • #StopRansomware: Royal Ransomware Update

    November 13, 2023

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023. Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and ...

  • Bitcoin ATM operator Coin Cloud suffers severe data breach

    November 13, 2023

    Coin Cloud, a prominent Bitcoin ATM operator, has fallen victim to a significant security breach in a recent development that has shaken the cryptocurrency world. Hackers, whose identities remain unknown, have reportedly seized control of Coin Cloud’s backend system source code and accessed sensitive customer data, including 70,000 client selfies and personal details of around 300,000 ...

  • Data breach of Michigan healthcare giant exposes millions of records

    November 13, 2023

    Michigan-based healthcare nonprofit McLaren Health Care notified more than 2 million people about a data breach exposing personal information on Thursday, according to a data breach notification report. Unauthorized access to McLaren systems began on July 28 and lasted through August, but the individual impact varies from person to person. According to a notice on ...

  • In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584

    November 13, 2023

    During their analysis of a July 2023 campaign targeting groups supporting Ukraine’s admission into NATO, Unit 42 researchers discovered a new vulnerability for bypassing Microsoft’s Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use ...

  • Boeing confirms ransomware attack as stolen data released by cybercrime gang Lockbit

    November 11, 2023

    Stolen data from American aircraft manufacturer Boeing has been released online by the cybercrime gang, Lockbit, according to the group’s website. Boeing confirmed a cybersecurity incident involving elements of its parts and distribution business. “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from ...