ClickFix Scams Abuse Google, Cloudflare Checks to Deliver 7 Malware Families
ID: 4332bff2-1e56-5403-8c8c-e5ea4a5cbf69
STIX ID: report--4332bff2-1e56-5403-8c8c-e5ea4a5cbf69
Feed Name: HackRead
Malwarebytes uncovered active ClickFix campaigns that trick users with fake Google/Cloudflare verification and other lures into copying and running terminal commands; those commands install varied malware families (including a ResiLoader loader and StealC infostealer). Operators reuse infrastructure (Cloudflare R2, expired domains, compromised sites), employ trojanized apps and DLL hijacking, and abuse a vulnerable driver to disable security products, resulting in widespread infections affecting thousands of devices.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
