ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.
A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.
We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Understanding Malware-as-a-Service
June 15, 2023
Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. The Malware-as-a-Service (MaaS) business model emerged as a result of ...
- Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
June 15, 2023
Starting as early as October 10, 2022, UNC4841 sent emails to victim organizations that contained malicious file attachments designed to exploit CVE-2023-2868 to gain initial access to vulnerable Barracuda ESG appliances. Over the course of their campaign, UNC4841 has primarily relied upon three principal code families to establish and maintain a presence on an ESG appliance, ...
- Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability – CVE-2023-35708
June 15, 2023
Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment. In Progress MOVEit Transfer versions released before ...
- CISA Releases Fourteen Industrial Control Systems Advisories
June 15, 2023
CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
June 15, 2023
The Shuckworm espionage group is continuing to mount multiple cyber attacks against Ukraine, with recent targets including security services, military, and government organizations. In some cases, Shuckworm has succeeded in staging long-running intrusions, lasting for as long as three months. The attackers repeatedly attempted to access and steal sensitive information such as reports about the deaths ...
- US government agencies hit in global cyberattack
June 15, 2023
“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...

