Fake CAPTCHA sites now have tutorial videos to help victims install malware

Early on in 2025, I described how criminals used fake CAPTCHA sites and a clipboard hijacker to provide instructions for website visitors that would effectively infect their own machines with an information stealer known as the Lumma Stealer. ClickFix is the name researchers have since given to...

Fake CAPTCHA websites hijack your clipboard to install information stealers

There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attac...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs: ClickFix vs. traditional download in new DarkGate campaign Cybercrime gets a few punches on the nose Microsoft advertisers phished via malicious Google ads The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? These are the 10...

Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named "RedDriver," a driver-based browser hijacker that uses the Windows Filtering Platform WFP to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge it...

Actors, Threats and Vulnerabilities 5 June to 11 June 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...

MediaArena: A Deceptive Browser Hijacker Exploiting User Data and Security Threats

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MediaArena is a deceptive software that hijacks browsers, redirects searches, and collects user data for malicious activities, emphasizing the importance of removal and caution. To receive real-time thre...

Malicious code in scikit-llearn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6bf58245abb9da01b60c982ce640745844d2f52bf58abf309420ce018f35bc5e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of R...

Top 20 Most Popular Hacking Tools in 2019

As last year, this year we made a ranking with the most popular tools between January and December 2019. Topics of the tools focus on OSINT, Information Gathering, Android Hacking Tools, Automation Tools, Phishing, among others. Without going into further details, we have prepared a useful list o...

QxSearch hijacker fakes failed installs

Recently, one of the more dominant search hijacker families on our radar has started to display some curious behavior. The family in question is delivered by various Chrome extensions and classified as PUP.Optional.QxSearch because of its description in listings of installed extensions, which tel...

TeleShadow v3 - Telegram Desktop Session Stealer (Windows)

Teleshadow3- Advanced Telegram Desktop Session Hijacker! Download Click HERE to download the latest version! Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient or use Telegram API! and send it to the victim after compiling. How do I use...

Hackers hacked: Account hijacking forum OGUsers pwned

By Uzair Amir The stolen OGUsers database is available on RaidForums for download. On 12th May, hackers managed to steal the database of a famous hijacker forum called OGUsers. This forum is used by hackers and online account hijackers, which means that the hackers have now been given a taste of...

ClipboardWalletHijacker malware replaces address to steal cryptocurrency

By Waqas The IT security researchers at Qihoo 360 Total Security have discovered This is a post from HackRead.com Read the original post: ClipboardWalletHijacker malware replaces address to steal cryptocurrency...

Hijacker v1.4 - All-in-One Wi-Fi Cracking Tools for Android

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng , Airodump-ng , MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with a...

TeleShadow v2 - Advanced Telegram Desktop Session Hijacker!

Advanced Telegram Desktop Session Hijacker! Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at...

Fireball arrests made

Following some arrests in China, we may see a decrease in the amount of adware and adfraud hailing from the Rafotech labs. According to some reports 250 million machines may have been infected with one variant or another of Rafotechs’ products. We have shared some information about the potential...

Adware the series, part 6

In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...

Kyle and Stan Malvertising Network Nine Times Bigger

The Kyle and Stan malvertising network has a much bigger reach than first reported—about nine times bigger. In the two weeks since Cisco’s first report on the malicious ad distribution campaign, researchers had a chance to look closer at telemetry data, connect more dots and learn that nearly 6,5...