ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.
A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.
We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Identifying Group Policy attacks
November 8, 2023
In this post Sophos researchers will be discussing Group Policy attacks, basing the threat hunt on a ransomware investigation undertaken by the Sophos X-Ops Incident Response team earlier this year. They will cover malicious behaviors associated with Active Directory and Group Policy attacks, showing you how to investigate and remediate some of these threats. Read more… Source: ...
- UK: Cyber attack hits island council computer systems
November 8, 2023
A suspected ransomware attack has caused significant disruption to IT systems at Western Isles local authority, Comhairle nan Eilean Siar. The council said access to its systems had been affected. The Scottish government and computer company Dell have been helping Comhairle nan Eilean Siar deal with the situation. Read more… Source: MSN News
- Indian hackers launch cyber attacks on Qatar to avenge death penalty of former Navy officers
November 8, 2023
An Indian hacker group, named ‘Indian Cyber Force’ launched cyber attacks on Qatar in response to the death sentence handed to eight former Indian Navy officers by a Qatari court in Espionage case. The Indian hackers claimed of carrying out cyber attacks on Qatar on November 7. They also alleged of executing unauthorised server access, leaked ...
- Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach
November 7, 2023
The personal data of 665,000 Marina Bay Sands customers was accessed in a data security breach in October. The “unauthorised access” took place on Oct 19 and Oct 20 and involved the data of some Sands LifeStyle rewards programme members, said a Marina Bay Sands (MBS) spokesperson on Tuesday (Nov 7). MBS said in response ...
- Okta breach happened after employee logged into personal Google account
November 7, 2023
Okta has revealed details about a recent breach which exposed files belonging to customers. As Malwarebytes explained in their article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the team to troubleshoot ...
- Gaming-related cyberthreats in 2023: Minecrafters targeted the most
November 6, 2023
The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five – more than three billion – across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost half of that generated by the Asia Pacific. By the ...

