#pastejacking — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pastejacking, aggregated by home.social.
-
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
-
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
-
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
-
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
-
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the #ClickFix style instructions trying to convince viewers to infect their computers with malware.
Saw #StealC from an infection today.
Indicators available at https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt
-
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan:
-
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan:
-
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan:
-
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan:
-
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected hashtag#KongTuke script by pivoting on the KongTuke domain in URLscan: