Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • CISA Releases Three Industrial Control Advisories

    December 8, 2022

    CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One ...

  • DeathStalker targets legal entities with new Janicab variant

    December 8, 2022

    “Dosen’t matter how long you wait for the bus on a rainy day, X seconds was enough to get wet?” Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use ...

  • US Health Dept warns of Royal Ransomware targeting healthcare

    December 8, 2022

    The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country’s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind ...

  • Cisco discloses high-severity IP phone bug with exploit code

    December 8, 2022

    Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks. The company warned on Thursday that its Product Security Incident Response Team (PSIRT) is “aware that proof-of-concept exploit code is available” and that the “vulnerability has been publicly ...

  • Internet Explorer 0-day exploited by North Korean actor APT37

    December 7, 2022

    To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. This blog will describe a 0-day vulnerability, discovered by TAG in late October 2022, embedded in malicious documents and used to target users in South Korea. TAG attributes this activity to a group of North Korean government-backed actors known ...

  • DEV-0139 launches targeted attacks against the cryptocurrency industry

    December 6, 2022

    Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but Microsoft researchers have also observed threat actors directly targeting organizations within the cryptocurrency industry for financial gain. Attacks ...