www.elastic.co 7/15/2026, 8:01:33 PM · external

TELEPUZ spreads via ClickFix-VIDAR social engineering attack

TELEPUZ spreads via ClickFix-VIDAR social engineering attack
CyberSIXT Evidence Panel Source marked as original reporting

TELEPUZ is a new modular malware discovered spreading through CLICKFIX-VIDAR attacks. It is lightweight and under active development with a growing presence on VirusTotal. The infection process starts with social engineering tactics that prompt users to execute a malicious PowerShell command. This leads to the downloading of a VIDAR variant, which then downloads the main TELEPUZ payload.

The malware uses WebSocket communication for command and control (C2), employing various evasion techniques such as indirect syscalls, garbage instructions, and string encryption. Capable of privilege escalation and establishing persistence, TELEPUZ can execute commands to steal data, including keylogging and web injections. The C2 infrastructure consists of a few primary domains, suggesting it might be part of a Malware-as-a-Service (MaaS) framework.

View full article

Article by CyberSIXT