Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • 2023 Zscaler ThreatLabz Report Indicates 400% Growth in IoT Malware Attacks

    October 24, 2023

    This Zscaler ThreatLabz blog serves as a brief synopsis of the key points revealed in their 2023 Enterprise IoT and OT Threat Report. The report explores the growth of Internet of Things (IoT) device traffic and IoT malware attacks, in addition to how legacy vulnerabilities, targeted devices, and specific industries have become central players in the ...

  • 5 southwestern Ontario hospitals hit by cyberattack, patient appointments to be rescheduled

    October 24, 2023

    Online services such as patient records and email have been down since Monday morning at five southwestern Ontario hospitals following a cyberattack, according to the hospitals’ IT provider. TransForm is a local non-profit founded by Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health and the Chatham-Kent Health Alliance to run IT, supply chain ...

  • Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

    October 24, 2023

    In Brazil the PIX payment system is becoming more and more popular. Unsurprisingly, cybercriminals are jumping on the bandwagon, trying to abuse the system for their profit. A good example of this is GoPIX, a malware campaign that has been active since December 2022. The attack cycle begins when a potential victim searches for “WhatsApp web”. ...

  • The outstanding stealth of Operation Triangulation

    October 23, 2023

    In the previous blogpost on Triangulation, Kaspersky researchers discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. The researchers mentioned, among other things, that it is able to execute additional modules. They also mentioned that this operation was quite stealthy. This article details ...

  • From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware

    October 23, 2023

    Proofpoint researchers have long tracked clusters of malicious activity using banking malware to target users and organizations in Brazil and surrounding countries. Recently, researchers observed multiple threat clusters targeting Spain from threat actors and malware that have traditionally targeted Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas. While the targeting ...

  • Booking.com customers targeted by scam ‘confirmation’ emails

    October 23, 2023

    Travellers using the popular hotel website Booking.com are being warned not to fall for scam emails asking them to confirm their hotel payment, after a hack of Booking.com’s email system. In recent weeks the Observer has been contacted by a number of customers claiming that they had received scam emails from within the Booking.com system. ...