Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • State-sponsored campaigns target global network infrastructure

    April 18, 2023

    Recently, the UK’s National Cyber Security Center (NCSC) released a report on a sustained campaign by a Russian intelligence agency targeting a vulnerability in routers that Cisco had published a patch for in 2017. This campaign, dubbed “Jaguar Tooth,” is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance ...

  • New QBot email attacks use PDF and WSF combo to install malware

    April 17, 2023

    QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices. Qbot (aka QakBot) is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors. This initial access is done by dropping additional payloads, such as Cobalt Strike, Brute ...

  • Update now: Google emits emergency fix for zero-day Chrome vulnerability

    April 17, 2023

    Google on Friday released an emergency update for Chrome to address a zero-day security flaw. The vulnerability, tracked as CVE-2023-2033, can be exploited by a malicious webpage to run arbitrary code in the browser. Thus, surfing to a bad website with a vulnerable browser could lead to your device being hijacked. Exploit code for this hole ...

  • Hackers abuse Google Command and Control red team tool in attacks

    April 17, 2023

    The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. APT 41, also known as HOODOO, is a Chinese state-sponsored hacking group known to target a wide range of industries in the USA, Asia, ...

  • Ex-Conti members and FIN7 devs team up to push new Domino malware

    April 17, 2023

    Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named ‘Domino’ in attacks on corporate networks. Domino is a relatively new malware family consisting of two components, a backdoor named ‘Domino Backdoor,’ which in turn drops a ‘Domino Loader’ that injects an info-stealing malware DLL into the memory ...

  • Australians lose record $3.1 billion to scams in 2022

    April 16, 2023

    Doris McAllister spent her whole life working hard to support herself. So, last year, when the 75-year-old saw an international bank offering a good return on deposits, she decided to transfer her life’s savings of $260,000 across to help secure her retirement. Six weeks later, when she needed to make a withdrawal, she realised she had been ...