ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.
A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.
We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- More than 100,000 hackers have details exposed through malware on cyber crime forums
August 15, 2023
Researchers have revealed that more than 100,000 hackers could be operating on compromised devices due to their involvement on cyber crime forums. A study from Hudson Rock identified around 120,000 devices infected with malware that contained login credentials for cyber crime forums. The firm said that many of the individuals operating with compromised machines may have ...
- Discord.io gets taken down after massive data breach
August 15, 2023
Discord.io, a third-party service that helps people generate custom invites for their Discord channels, has been hacked, and information on some 760,000 members stolen. The service has since suspended its operations, and the attacker explained that this is actually a ransom attack – with a twist. As seen on BleepingComputer, a user going by the name ...
- New widespread IoT compromise could affect millions of logic controller chips
August 15, 2023
Microsoft security researcher Vladimir Tokarev demonstrated an interesting attack on the industrial internet of things automation software called Codesys. Tokarev, who showed the exploit last week at the annual BlackHat security conference in Las Vegas, used a miniature elevator model to demonstrate how the attack could crash its cab. The software – and more importantly, its ...
- UK: Victims and witnesses personal data leaked by Norfolk and Suffolk police
August 15, 2023
A total of 1,230 people, including victims of crime and witnesses, have had their data breached by Norfolk and Suffolk police forces. The constabularies said the personal information was included in Freedom of Information (FOI) responses due to a “technical issue”. They said the data was hidden from anyone opening the files but should not have ...
- CISA Releases Two Industrial Control Systems Advisories
August 15, 2023
CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-227-01 Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Clorox says certain business operations disrupted in cyber attack
August 14, 2023
Clorox said on Monday it had taken certain systems offline after unauthorized activity disrupted some business operations. It said it was implementing workarounds for certain offline operations in order to continue servicing its customers and had engaged third-party cybersecurity experts to support its investigation and recovery efforts. Read more… Source: MSN News

