TELEPUZ Malware Exploits ClickFix for Data Theft and Command Execution
TELEPUZ is a modular malware spreading through ClickFix social engineering attacks to steal data and execute commands, utilizing PowerShell payloads and Go-based Vidar Stealer components. It employs advanced evasion techniques, multiple C2 fallback methods, and targets Windows systems with privilege escalation and anti-analysis measures.
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026.
"The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a technical report. "While the number of C2 [command-and-control] domains is currently small, the daily
*** END OF TRANSMISSION ***