
Fake Google and Cloudflare Verification Pages Spread Multiple Malware Families
A sprawling ClickFix campaign that abuses fake Google and Cloudflare verification pages to trick users into infecting their own machines. Documented by Malwarebytes, the operation delivers a wide range of payloads including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer, all tied to shared infrastructure active since late 2025. ClickFix attacks don’t […]
The post Fake Google and Cloudflare Verification Pages Spread Multiple Malware Families appeared first on Cyber Security News.