🟠 High | Source: The Hacker News
TELEPUZ is a newly identified modular malware spreading through ClickFix-laced websites since late April 2026, capable of stealing data and executing remote commands via command-and-control infrastructure. Its lightweight, modular design makes it adaptable and harder to detect. The campaign is still in relatively early stages, but its versatility poses a meaningful threat to organisations whose users browse the web from corporate or cloud-connected endpoints.
Security Architect’s Take: Review endpoint detection coverage for ClickFix-style social engineering lures — particularly on developer and admin workstations that have elevated access to cloud environments. Ensure DNS and web proxy filtering blocks emerging C2 domains, and consider restricting PowerShell and script execution policies on endpoints that interact with cloud control planes.
Original advisory: New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands