ClickFix Scam Abuses Google, Cloudflare Checks to Deliver 7 Malware Families
A page asking you to prove you are human can be the first step in a malware infection. Malwarebytes says multiple campaigns active since at least late 2025 have used fake Google and Cloudflare verification screens to trick visitors into copying and running malicious commands on their own computers.
These commands infect victims’ devices with multiple malware families including:
- StealC
- Remus
- NetSupport
- HijackLoader
- CastleLoader
- Amatera Stealer
- An unknown Rust-based infostealer.
According to the Malwarebytes report, the campaigns follow multiple ways of targeting victims such as showing fake Google reCAPTCHA pages, Cloudflare-style verification checks, warnings about unauthorized Google logins, and Google Meet prompts claiming an audio driver needed fixing.
Researchers also found a fake QR code service using the same tactic with a goal to convince the victim to follow technical instructions that ended with malicious code running through PowerShell or another command-line tool.
Malwarebytes linked these campaigns by spotting...
Copyright of this story solely belongs to hackread.com. To see the full text click HERE