logo

ClickFix Scams Abuse Google, Cloudflare Checks to Deliver 7 Malware Families

ID: 4332bff2-1e56-5403-8c8c-e5ea4a5cbf69

STIX ID: report--4332bff2-1e56-5403-8c8c-e5ea4a5cbf69

Feed Name: HackRead

Threat Score
78/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: Waqas

...
...

Malwarebytes uncovered active ClickFix campaigns that trick users with fake Google/Cloudflare verification and other lures into copying and running terminal commands; those commands install varied malware families (including a ResiLoader loader and StealC infostealer). Operators reuse infrastructure (Cloudflare R2, expired domains, compromised sites), employ trojanized apps and DLL hijacking, and abuse a vulnerable driver to disable security products, resulting in widespread infections affecting thousands of devices.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.