Fake Google and Cloudflare verification pages spread multiple malware families


ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft 365 credentials targeted in new fake voicemail campaign

    June 20, 2022

    A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment. According to researchers at cloud ...

  • Android-wiping BRATA malware is evolving into a persistent threat

    June 19, 2022

    The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. “The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” ...

  • QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks

    June 17, 2022

    Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they’re not exposed to remote access over the Internet. “QNAP recently detected a new DeadBolt ransomware ...

  • Sophos Firewall zero-day bug exploited weeks before fix

    June 16, 2022

    Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. On March 25, ...

  • Heineken says there’s no free beer, warns of phishing scam

    June 16, 2022

    There’s no such thing as free beer for Father’s Day — at least not from Heineken. The brewing giant confirmed that a contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of green-bottled lager, is a frothy fraud. “This is a scam and is not sanctioned by Heineken,” the beermaker ...

  • New Android malware bypasses multi-factor authentication to steal your passwords

    June 16, 2022

    A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users. In addition to remotely ...