www.malwarebytes.com 7/2/2026, 4:32:10 PM · external

ClickFix Attacks Use Fake Google Pages to Drop Malware via Franz

ClickFix Attacks Use Fake Google Pages to Drop Malware via Franz
CyberSIXT Evidence Panel Source marked as original reporting

THE article discusses a recent wave of ClickFix attacks utilizing fake Google and Cloudflare verification pages, which persuade users to execute malicious commands that lead to malware installation. The malware includes various families such as HijackLoader, StealC, and Remus, often delivered through a trojanized version of the Franz messaging app. Key safety tips for users include avoiding commands from untrusted sources, recognizing fraudulent verification pages, and keeping security software updated.

The campaigns leverage infrastructure like Cloudflare and old websites to distribute the malware, continually evolving with new methods and payloads.

View full article

Article by CyberSIXT