Threat Research

    KongTuke Web Inject for Fake Captcha Page

    The attack chain begins with a malicious script injected into legitimate but compromised websites. This script redirects users to a fake CAPTCHA page designed to mimic a "verify you are human" check. The deceptive CAPTCHA page performs clipboard hijacking—also known as pastejacking—by injecting malicious code into the user's clipboard....
    4/10/2025  0
    Read More »

    Evasive Campaign Pushing Legion Loader Malware

    A stealthy web campaign is hijacking users' clipboards to trick them into executing MSI files tied to Legion Loader malware. These MSI files are disguised as "Klio Verfair Tools," a known alias for Legion Loader. The technique, known as "pastejacking" or "clipboard hijacking," instructs users to paste malicious content into the Run window....
    4/4/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.