Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Spanish Globalcaja bank confirms ransomware attack

    June 5, 2023

    A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking and ATM services are still functioning. Read more… Source: Computing News  

  • Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

    June 5, 2023

    Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...

  • Android apps with 30 million downloads contain SpinOk Android malware — delete these now

    June 5, 2023

    Following the discovery that over a hundred Android apps with 400 million combined downloads actually contained the SpinOk malware, security researchers have now found that an additional 92 apps are also affected. For those unaware, SpinOk is a spyware module that was being distributed as a software development kit (SDK) for advertisers. First discovered by the ...

  • Satacom delivers browser extension that steals cryptocurrency

    June 5, 2023

    Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some of ...

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog

    June 5, 2023

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33009 Zyxel Multiple Firewalls Buffer Overflow Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Swiss administration hit by cyber attack

    June 3, 2023

    Swiss authorities are investigating a cyber attack on the IT company Xplain, whose clients include many federal and cantonal government departments, including the army and customs. The online attack was revealed on Saturday by the newspaper Le Temps, which reported that “several cantonal police forces, the Swiss army and the Federal Office of Police (Fedpol) have ...