Full Story on:Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including StealC, HijackLoader, NetSupport RAT, and newly identified loaders.
Recent threat intelligence research indicates that these campaigns have been active since late 2025, tricking users into manually executing malicious PowerShell commands. This effectively bypasses traditional security controls, allowing for a complete compromise of targeted systems.
The attack chains typically rely on fake “Verify you’re human” or “Manual Verification Required” pages that resemble Google reCAPTCHA, Google Meet prompts, and Cloudflare security checks.
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems.
gbhackers.com
