Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

    June 2, 2023

    Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. This vulnerability was announced by Progress Software Corporation on May 31, 2023 and has been assigned CVE-2023-34362. Based on initial analysis from Mandiant incident response engagements, the earliest evidence of exploitation occurred on May ...

  • In search of the Triangulation: triangle_check utility

    June 2, 2023

    In their initial blogpost about “Operation Triangulation”, Kaspersky published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, Kaspersky researchers developed a dedicated utility to scan the backups and run ...

  • Russia says US intelligence hacked thousands of iPhones

    June 2, 2023

    Russia has accused United States intelligence agencies of hacking thousands of iPhones belonging to Russian users and foreign diplomats in the country. Russia’s Federal Security Service (FSB) said on Thursday that it had discovered an “intelligence action” that had compromised the phones of Russians as well as diplomats from Israel, Syria, China and NATO members. Read more… Source: ...

  • A Confession Exposes India’s Secret Hacking Industry

    June 1, 2023

    In the summer of 2020, Jonas Rey, a private investigator in Geneva, got a call from a client with a hunch. The client, the British law firm Burlingtons, represented an Iranian-born American entrepreneur, Farhad Azima, who believed that someone had hacked his e-mail account. Azima had recently helped expose sanctions-busting by Iran, so Iranian hackers ...

  • Progress Software Releases Security Advisory for MOVEit Transfer

    June 1, 2023

    Progress Software has released a security advisory for a SQL injection vulnerability (CVE-2023-34362) in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take over an affected system. CISA urgers users and organizations to review the MOVEit Transfer Advisory. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

    June 1, 2023

    The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by Democratic People’s Republic of Korea ...