Malware

New TELEPUZ malware spreads via ClickFix lures

The Hacker News reports that a new modular malware named TELEPUZ has been observed spreading since late April 2026, according to Elastic Security Labs. This malware is distributed through websites compromised with ClickFix lures, a social engineering technique that tricks users into executing malicious commands.

TELEPUZ is a lightweight and modular malware, likely developed by a small team and potentially offered as a malware-as-a-service. It employs various obfuscation techniques to evade analysis and performs anti-virtual machine and geolocation checks to avoid detection. The malware disables security monitoring by unhooking NTDLL, turning off Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW), and removing DLL notification callbacks. It also detects and crashes debuggers before establishing communication with its command-and-control (C2) server.

The C2 server can be reached through various fallback methods, including encrypted URLs from Telegram, Steam profiles, DNS queries, and Polygon blockchain smart contracts. Once connected, TELEPUZ can perform actions such as file enumeration, keystroke logging, command execution, and cookie extraction from browsers. The C2 servers have been identified on compromised websites in Brazil and India.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds