negativeSYS.SOURCE: The Hacker News• 2026-07-08T18:22:15+05:30
SCMBANKER Malware Exploits ClickFix Lures for Mexican Banking Fraud
#Banking Fraud#Malware#Cybersecurity#Phishing#Remote Access
SCMBANKER malware targets Mexican banking users through fake ClickFix CAPTCHA lures, deploying a PowerShell toolkit with capabilities like clipboard hijacking and remote access. The threat leverages AI-assisted code generation and operational security flaws to maintain persistence and execute phishing attacks.
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures.
The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed
*** END OF TRANSMISSION ***