Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Attackers target Ukraine using GoMet backdoor

    July 21, 2022

    Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software development company whose software is used in various state organizations within Ukraine. ...

  • How Conti ransomware hacked and encrypted the Costa Rican government

    July 21, 2022

    Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on ...

  • New ‘Lightning Framework’ Linux malware installs rootkits, backdoors

    July 21, 2022

    A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. Read more… Source: Bleeping ...

  • Atlassian reveals critical flaws in almost everything it makes and touches

    July 21, 2022

    Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.” One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a specially crafted ...

  • LockBit: Ransomware Puts Servers in the Crosshairs

    July 20, 2022

    LockBit affiliates using servers to spread ransomware throughout networks. Symantec, a division of Broadcom Software, has observed threat actors targeting server machines in order to spread the LockBit ransomware threat throughout compromised networks. In one attack observed by Symantec, LockBit was seen identifying domain-related information, creating a Group Policy for lateral movement, and executing a “gpupdate /force” ...

  • Luna and Black Basta – new ransomware for Windows, Linux and ESXi

    July 20, 2022

    In Kaspersky crimeware reporting service, they analyze the latest crime-related trends we come across. If Kaspersky look back at what they covered last month, they will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, Kaspersky researchers provide several excerpts from last month’s reports on new ransomware strains. Last month, Kaspersky Darknet Threat ...