KongTuke NexShield CrashFix malvertising campaign

Campaign
H score: 39
1 unique source, 1 article

Summary

The KongTuke malvertising operation is using NexShield, a fake ad-blocking browser extension, to crash Chrome and Edge and push victims into ClickFix-style activity that can trigger malicious command execution and payload delivery. The campaign matters because it is reaching corporate environments and has already delivered ModeloRAT.

Related Happenings

KongTuke Microsoft Teams initial access campaign

Campaign
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

Fake Claude Code installation-page infostealer campaign targeting developers

Campaign
First: 11.05.2026 17:00 Last: 11.05.2026 17:00 Sources 1

About this happening: A **fake Claude Code** installer campaign is using **sponsored search results** and **operator-controlled domains** to deliver an **infostealer** to **developer workstations**, pu...

VoidStealer debugger-based ABE-bypass infostealer

Malware Activity
First: 22.03.2026 16:32 Last: 22.03.2026 16:32 Sources 1

About this happening: **VoidStealer** now uses a **debugger-based ABE bypass** to steal **Chrome** master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can e...

ClickFix MacSync social-engineering campaign targeting macOS users

Campaign
First: 16.03.2026 13:41 Last: 16.03.2026 13:41 Sources 1

About this happening: A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...

Timeline

  1. 20.01.2026 00:49 2 articles · 4mo ago

    NexShield malvertising campaign triggers CrashFix browser crashes

    Initial Disclosure

    A malvertising campaign used a fake ad-blocking Chrome and Edge extension named NexShield to intentionally crash browsers, then pushed victims into ClickFix-style command execution through deceptive restart warnings and clipboard-copied Windows Command Prompt instructions. Huntress said the extension exhausted browser memory with chrome.runtime port connections, added a 60-minute execution delay after installation, and delivered the Python-based remote access tool ModeloRAT to domain-joined corporate hosts, where it could perform reconnaissance, run PowerShell commands, modify the Registry, load additional payloads, and update itself.
