Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Northern Ireland: Man arrested on suspicion of terror offence linked to PSNI data breach released

    August 17, 2023

    A man arrested by detectives investigating criminality linked to last week’s major PSNI data breach has been released on bail to allow for further police enquiries. The 39-year-old man had been detained following a search in Lurgan, Co Armagh on Wednesday. He had been questioned on suspicion of collection of information likely to be of use ...

  • Threat Actors are Interested in Generative AI, but Use Remains Limited

    August 17, 2023

    Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on Mandiant own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities ...

  • Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe

    August 17, 2023

    Researchers have found an expansive and active threat campaign that exploited a severe Citrix NetScaler vulnerability to backdoor thousands of devices, including those that were subsequently patched. Attackers automated the exploitation of the remote code execution vulnerability, tracked as CVE-2023-3519, to place Web shells on vulnerable devices. These were found to persist through patches and reboots. Read ...

  • LinkedIn user accounts have been taken over in huge hacking campaign

    August 16, 2023

    Someone is targeting LinkedIn accounts, trying to break in with either login credentials leaked elsewhere, or with brute-force attacks. As a result, many people have had their accounts compromised, while others have been locked out due to too many failed login attempts. Read more… Source: TechRadar  

  • China’s Ministry of State Security warns of data security risks after Wuhan Earthquake Monitoring Center cyberattack

    August 16, 2023

    China’s Ministry of State Security (MSS) on Wednesday warned of data security risks after recent reports identified US intelligence agencies were behind a cyberattack on Wuhan Earthquake Monitoring Center. A joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of ...

  • Cyber crimes in Germany down 6.5% in 2022, federal police say

    August 16, 2023

    Cyber crimes in Germany fell by 6.5% in 2022, federal police said on Wednesday, but the decline was not a “relief” as the attacks were more severe and those originating from overseas rose by more than 8%. The economic damage was 203 billion euros ($221.59 billion), down slightly from last year, but still double that of ...