logo

Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware

ID: 8ffdaa92-b152-5d15-8403-367e2c9d29d0

STIX ID: report--8ffdaa92-b152-5d15-8403-367e2c9d29d0

Feed Name: GBHackers

Threat Score
78/100

Date Published: 2026-07-03

Date Updated: 2026-07-03

Author: Divya

...
...

Active ClickFix social-engineering campaigns impersonating Google and Cloudflare verification pages coerce victims into executing PowerShell downloaders that deliver a modular set of high-impact malware (info‑stealers and RATs) via Cloudflare Pages/R2, compromised domains, and direct IP hosting; attackers employ clipboard injection, AV/EDR bypass via a BYOD driver, UAC bypass, and process hollowing, and the report provides extensive IOCs (domains, IPs, and hashes) for detection and mitigation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.