Widespread Malware Campaign Targets Trusted Domains
Security researchers have uncovered a large-scale malware operation that compromised over 700 education and technology websites. The campaign, known as ClickFix, hijacked legitimate domains to distribute malicious payloads to unsuspecting visitors. Victims who landed on these compromised pages were presented with fake alerts or prompts urging them to download updates or run scripts, which then installed malware on their systems.
The attack leveraged the trusted reputation of .edu and tech-focused domains, making it harder for users to recognize the danger. By embedding malicious code into otherwise normal-looking sites, the attackers were able to bypass many traditional security filters and reach a broad audience.
Broader Threats and Phishing Activity
In the same period, security teams reported a surge in phishing attacks targeting LinkedIn and Signal users. Scammers sent fake login pages designed to steal session cookies and backup credentials. Additionally, a phishing kit called Kali365 emerged, capable of bypassing multi-factor authentication to compromise Microsoft accounts. These attacks demonstrate an evolution in credential theft tactics, moving beyond simple password scams to more sophisticated methods.
Another notable incident involved fake software downloads on platforms like GitHub and SourceForge. Malicious actors distributed a remote access trojan named Deno RAT through counterfeit application repositories. Users who downloaded what appeared to be legitimate tools instead installed a backdoor that gave attackers access.
Source: Malwarebytes

