TELEPUZ Malware Emerges, Spreading via ClickFix Lures to Steal Data

TELEPUZ Malware Emerges, Spreading via ClickFix Lures to Steal Data

First seen 16 Jul 2026, 23:17 UTC ThehackernewsFeeds.Feedburner 77% similarity 64.5

Article Content

Browse articles
ThreatCluster

A new modular malware named TELEPUZ has been detected spreading since late April 2026. It uses ClickFix lures to trick users into executing malicious commands. The malware is lightweight and modular, likely developed by a small team and may be offered as malware-as-a-service. TELEPUZ employs obfuscation techniques to evade detection and disables security monitoring features. It performs anti-virtual machine checks and crashes debuggers before connecting to its command-and-control (C2) server. The C2 server can be accessed through various encrypted methods, including Telegram and blockchain smart contracts. Once connected, TELEPUZ can execute commands, log keystrokes, and extract cookies from browsers. Compromised websites in Brazil and India have been identified as hosting the malware.

Key Points: • TELEPUZ malware spreads via ClickFix lures, targeting unsuspecting users. • It employs advanced evasion techniques to disable security measures. • The C2 server utilizes multiple encrypted communication methods.

ThreatCluster AI

Timeline

2026-04-30
TELEPUZ malware first detected
Elastic Security Labs reported the emergence of TELEPUZ malware spreading via ClickFix lures.
The Hacker News
2026-07-16
TELEPUZ malware details published
Reports detail the malware's capabilities, including data theft and command execution.
Thehackernews

Community

Browse all →