Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Crooks copy source code from Okta’s GitHub repository

    December 23, 2022

    Intruders copied source code belonging to Okta after breaching the identity management company’s GitHub repositories. Okta was alerted by Microsoft-owned GitHub earlier this month of “suspicious access” to its code repositories and determined that miscreants copied code associated with the company’s Workforce Identity Cloud (WIC), an enterprise-facing access and identity management tool to enable workers and ...

  • Ransomware and wiper signed with stolen certificates

    December 22, 2022

    On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the country’s computer systems. On September 10, 2022, Albanian local news reported a second wave of cyberattacks targeting Albania’s ...

  • OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service

    December 22, 2022

    Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further lead to code execution. OpenImageIO is an image processing library useful for conversion and processing, as well as image comparison. This library is utilized by 3D-processing software ...

  • Vice Society ransomware gang switches to new custom encryptor

    December 22, 2022

    The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305. According to cybersecurity firm SentinelOne, which discovered the new strain and named it “PolyVice,” it’s likely that Vice Society sourced it from a vendor who supplies similar tools to other ransomware ...

  • After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices

    December 22, 2022

    A ransomware attack at top Colombian energy company Empresas Publicas de Medellin (EPM) may damage its credit quality, setting an alarm clock for the critical infrastructure industry to develop efficient mitigation practices and vulnerability management programs, Moody’s said. EPM, one of Colombia’s largest public energy, water, and gas providers suffered from a ransomware attack reported on ...

  • FIN7 hackers create auto-attack platform to breach Exchange servers

    December 22, 2022

    The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size. This system was discovered by Prodaft’s threat intelligence team, which has been closely following FIN7 operations for years now. In a report shared ...