ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.
A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.
We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- YouTube shows ads for ad blocker, financial scams
November 10, 2023
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, ...
- Ducktail fashion week
November 10, 2023
Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. Kaspersky Daily Iran, WithSecure, and GridinSoft have all covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies’ and brands’ projects and products. The group behind the Ducktail attacks presumably ...
- CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
November 10, 2023
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. CVSS · HIGH · 8.6/10 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Scoring scenario: GENERAL AattackVector: NETWORK AttackComplexity: LOW PrivilegesRequired: NONE Read more… Source: Rapid7
- U.S. arm of China mega-lender ICBC hit by ransomware attack
November 10, 2023
The U.S. arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the U.S. Treasury market. Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing ...
- Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
November 9, 2023
This report consists of six main sections – Incidents involving Asian APT groups in various regions of the planet Information on five unique incidents that Kaspersky researchers detected in different parts of the world. Each incident is a unique case within a specific country and industry, and they provide a description of the actions and TTPs ...

