The Hacker News reports that a new modular malware named TELEPUZ has been observed spreading since late April 2026, according to Elastic Security Labs. This malware is distributed through websites compromised with ClickFix lures, a social engineering technique that tricks users into executing malicious commands.TELEPUZ is a lightweight and modular malware, likely developed by a small team and potentially offered as a malware-as-a-service. It employs various obfuscation techniques to evade analysis and performs anti-virtual machine and geolocation checks to avoid detection. The malware disables security monitoring by unhooking NTDLL, turning off Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW), and removing DLL notification callbacks. It also detects and crashes debuggers before establishing communication with its command-and-control (C2) server.The C2 server can be reached through various fallback methods, including encrypted URLs from Telegram, Steam profiles, DNS queries, and Polygon blockchain smart contracts. Once connected, TELEPUZ can perform actions such as file enumeration, keystroke logging, command execution, and cookie extraction from browsers. The C2 servers have been identified on compromised websites in Brazil and India.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




