LEGALAUDIT

Scam Watch

Wie erkennen Sie ClickFix malware hits 700+ trusted sites via fake Cloudflare verification prompt?

Kurzfassung

Attackers are exploiting a Ghost CMS vulnerability (CVE 2026 26980) to hijack more than 700 legitimate education and tech websites, injecting a fake Cloudflare or CAPTCHA verification step that tricks visitors into pasting a Windows...

Wie es funktioniert

Attackers are exploiting a Ghost CMS vulnerability (CVE 2026 26980) to hijack more than 700 legitimate education and tech websites, injecting a fake Cloudflare or CAPTCHA verification step that tricks visitors into pasting a Windows...

Warnzeichen

  • : A "verify you are human" or "fix your connection" page that asks you to open Run/PowerShell and paste a command Pressure tactics like countdowns, fake user counters, or urgent messaging pushing you to act fast Even on a trusted domain (university, tech vendor), the page now asks you to execute code locally

Was tun

  1. 1: Never copy paste commands from a webpage into Run, PowerShell, or a terminal
  2. 2close the tab instead If a site asks you to run code, verify with the site owner's official support channel before doing anything Keep your OS, browser, and anti malware tools up to date, and consider a browser extensio

Quelle

malwarebytes

Quelle geprueft vom Mythos Forensic Team

https://www.malwarebytes.com/blog/bugs/2026/05/700-education-and-tech-websites-hijacked-in-huge-clickfix-malware-campaign

FAQ

Ist ClickFix malware hits 700+ trusted sites via fake Cloudflare verification prompt ein reales Betrugsmuster?

Ja. Behandeln Sie Nachricht, Anruf oder Zahlungsaufforderung als verdaechtig, bis ein offizieller Kanal sie bestaetigt.

Was sind die ersten Warnzeichen?

: A "verify you are human" or "fix your connection" page that asks you to open Run/PowerShell and paste a command Pressure tactics like countdowns, fake user counters, or urgent messaging pushing you to act fast Even on a trusted domain (university, tech vendor), the page now asks you to execute code locally

Was sollte ich zuerst tun?

: Never copy paste commands from a webpage into Run, PowerShell, or a terminal; close the tab instead If a site asks you to run code, verify with the site owner's official support channel before doing anything Keep your OS, browser, and anti malware tools up to date, and consider a browser extensio

Kann LegalAudit meinen Fall pruefen?

Ja. Starten Sie den kostenlosen Chat und fuegen Sie Nachricht, Link, Absender oder Zahlungsdaten ein.