Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
TELEPUZ Malware Expands via ClickFix, Steals Data

TELEPUZ Malware Expands via ClickFix, Steals Data

Posted on July 16, 2026 By CWS

Cybersecurity experts have identified a new threat in the form of TELEPUZ, a modular malware spreading through compromised websites using ClickFix tactics since April 2026. This malware employs social engineering strategies to deceive users into executing harmful commands, posing significant risks to data security.

Understanding TELEPUZ’s Mechanism

TELEPUZ operates by leveraging ClickFix, a method where users are tricked into running malicious scripts disguised as legitimate browser fixes or updates. This process, known as pastejacking, involves inserting harmful commands into a user’s clipboard, which are then executed when pasted into a terminal.

Once activated, TELEPUZ initiates a PowerShell command that downloads additional payloads. These payloads, including a Go variant of the Vidar Stealer, are designed to extract sensitive information from the victim’s system. The malware’s primary components are sourced from the hurgadatour[.]shop domain, showcasing its sophisticated deployment methodology.

Technical Features and Evasion Tactics

Constructed in the C programming language, TELEPUZ is both lightweight and versatile, suggesting it may have been developed by a small, skilled team. It employs several obfuscation techniques, such as code encryption and indirect system calls, to mask its activities and avoid detection by security systems.

This malware also performs various checks to evade virtual environments and sandbox detection. It assesses hardware specifications, such as CPU count and memory size, to evade execution in unauthorized settings. Furthermore, it disables security measures by unhooking key system components, ensuring its uninterrupted operation.

Establishing Control and Communication

After confirming a successful infiltration, TELEPUZ escalates its privileges and installs itself as a persistent service. It seeks to gain SYSTEM-level access by impersonating trusted processes, thereby embedding itself deeply within the victim’s system.

The malware attempts to connect with its command-and-control (C2) servers to receive further instructions. If initial contact fails, it uses alternative methods, including extracting encrypted URLs from various online profiles and blockchain contracts, to locate fallback C2 addresses.

TELEPUZ’s capabilities extend to file manipulation, keystroke logging, and browser data extraction, among other malicious activities. Its web injection feature allows direct interaction with browsers to execute commands and exploit vulnerabilities.

Despite its current limited deployment, TELEPUZ’s modular nature and the growing volume of its builds suggest potential expansion. The malware is likely offered as a service, indicating a new wave of organized cybercrime. As cybersecurity measures evolve, continuous vigilance is essential to counteract such threats effectively.

The Hacker News Tags:ClickFix, cyber attack, cyber threats, Cybercrime, Cybersecurity, data security, data theft, Malware, malware-as-a-service, modular malware, online threat, PowerShell, TELEPUZ, Vidar Stealer, web security

Post navigation

Previous Post: Kratos PhaaS Targets Microsoft 365 Users Globally
Next Post: UK Sentences Scattered Spider Hackers to Prison

Related Posts

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks The Hacker News
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials The Hacker News
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station The Hacker News
Microsoft Releases RAMPART and Clarity for AI Security Microsoft Releases RAMPART and Clarity for AI Security The Hacker News
FortiClient EMS Flaw Exploited by Hackers for Data Theft FortiClient EMS Flaw Exploited by Hackers for Data Theft The Hacker News
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth
  • New macOS Malware Forces Password Handover
  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth
  • New macOS Malware Forces Password Handover
  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark