Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
ID: 8ffdaa92-b152-5d15-8403-367e2c9d29d0
STIX ID: report--8ffdaa92-b152-5d15-8403-367e2c9d29d0
Feed Name: GBHackers
Active ClickFix social-engineering campaigns impersonating Google and Cloudflare verification pages coerce victims into executing PowerShell downloaders that deliver a modular set of high-impact malware (info‑stealers and RATs) via Cloudflare Pages/R2, compromised domains, and direct IP hosting; attackers employ clipboard injection, AV/EDR bypass via a BYOD driver, UAC bypass, and process hollowing, and the report provides extensive IOCs (domains, IPs, and hashes) for detection and mitigation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
