Home/News/TELEPUZ Malware Spreads Via ClickFix, Steals Data
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

TELEPUZ Malware Spreads Via ClickFix, Steals Data

TELEPUZ Malware Spreads Via ClickFix, Steals Data

A new modular malware, dubbed TELEPUZ, has been identified spreading through websites infected with ClickFix lures since late April 2026. Elastic Security Labs researcher Cyril François described the malware as "full-featured, lightweight, and modular" in a technical report. Despite a currently small number of command-and-control (C2) domains, the malware exhibits significant capabilities for data theft and remote command execution.

The TELEPUZ malware operates by exploiting vulnerabilities or user trust associated with "ClickFix" lures, which are often presented as solutions to website issues or to unlock content. Once installed, TELEPUZ can exfiltrate sensitive data from infected systems and receive instructions from its C2 servers to perform malicious actions. The modular design suggests that its functionalities can be updated or expanded over time, posing an evolving threat to targeted users and organizations.

Elastic Security Labs noted that while the number of active C2 domains associated with TELEPUZ is currently limited, the daily activity indicates a persistent and active campaign. The specific types of data targeted and the full range of commands it can execute are still under investigation, but its ability to steal data and run commands points to a sophisticated threat actor. The researchers are continuing to monitor the malware's spread and evolution to develop effective countermeasures.

This discovery highlights the ongoing challenges in cybersecurity, particularly the use of social engineering tactics and seemingly benign website elements to distribute malware. The lightweight and modular nature of TELEPUZ allows it to evade detection more easily and adapt to security measures, making it a notable addition to the landscape of cyber threats.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next