LEGALAUDIT

Scam Watch

Como reconocer ClickFix malware hits 700+ trusted sites via fake Cloudflare verification prompt?

TLDR

Attackers are exploiting a Ghost CMS vulnerability (CVE 2026 26980) to hijack more than 700 legitimate education and tech websites, injecting a fake Cloudflare or CAPTCHA verification step that tricks visitors into pasting a Windows...

Como funciona

Attackers are exploiting a Ghost CMS vulnerability (CVE 2026 26980) to hijack more than 700 legitimate education and tech websites, injecting a fake Cloudflare or CAPTCHA verification step that tricks visitors into pasting a Windows...

Señales de alerta

  • : A "verify you are human" or "fix your connection" page that asks you to open Run/PowerShell and paste a command Pressure tactics like countdowns, fake user counters, or urgent messaging pushing you to act fast Even on a trusted domain (university, tech vendor), the page now asks you to execute code locally

Qué hacer

  1. 1: Never copy paste commands from a webpage into Run, PowerShell, or a terminal
  2. 2close the tab instead If a site asks you to run code, verify with the site owner's official support channel before doing anything Keep your OS, browser, and anti malware tools up to date, and consider a browser extensio

Fuente

malwarebytes

Fuente verificada por Mythos Forensic Team

https://www.malwarebytes.com/blog/bugs/2026/05/700-education-and-tech-websites-hijacked-in-huge-clickfix-malware-campaign

FAQ

Es ClickFix malware hits 700+ trusted sites via fake Cloudflare verification prompt una estafa real?

Si. Trata el mensaje, la llamada o la solicitud de pago como sospechosos hasta que los verifiques por un canal oficial.

Cuales son las primeras senales?

: A "verify you are human" or "fix your connection" page that asks you to open Run/PowerShell and paste a command Pressure tactics like countdowns, fake user counters, or urgent messaging pushing you to act fast Even on a trusted domain (university, tech vendor), the page now asks you to execute code locally

Que debo hacer primero?

: Never copy paste commands from a webpage into Run, PowerShell, or a terminal; close the tab instead If a site asks you to run code, verify with the site owner's official support channel before doing anything Keep your OS, browser, and anti malware tools up to date, and consider a browser extensio

Puede LegalAudit revisar mi caso?

Si. Abre el chat gratis y pega el mensaje, el enlace, el remitente o los datos de pago para un triage.