
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

A dangerous cybercrime feedback loop has emerged where stolen credentials from infostealer malware enable attackers to hijack legitimate business websites and turn them into malware distribution platforms. Recent research by the Hudson Rock Threat Intelligence Team reveals this self-sustaining cycle transforms victims into unwitting accomplices.

When users click the fraudulent alerts used in these ClickFix campaigns, malicious JavaScript silently copies a PowerShell command to their clipboard. The fake prompt then instructs them to press Windows+R and paste the “verification code” with Ctrl+V. This executes the hidden command, downloading infostealer malware such as Lumma, Vidar, or Stealc directly onto their system while bypassing traditional security controls.
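A defender-side check for the mechanism described above, added here as an example and not code from the article or the Hudson Rock research: it assumes Windows keeps the Win+R history under the RunMRU registry key and flags stored entries that look like a pasted download-and-execute one-liner.

```powershell
# Added example (not from the article): audit the current user's Run-dialog
# history for commands matching the ClickFix pattern (a clipboard-pasted
# PowerShell one-liner launched via Win+R).
# Assumption: Explorer records Win+R entries under this RunMRU key.
$runMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Substrings typical of a pasted fetch-and-run one-liner; tune for your estate.
$suspiciousPatterns = @(
    'powershell', 'pwsh', '-enc', 'encodedcommand', 'iex', 'invoke-expression',
    'downloadstring', 'invoke-webrequest', 'iwr', 'mshta', 'curl ', 'bitsadmin',
    'http://', 'https://'
)

function Get-RunMruEntries {
    if (-not (Test-Path $runMruPath)) { return @() }
    $key = Get-ItemProperty -Path $runMruPath
    # MRUList orders the single-letter value names, most recent first.
    $order = if ($key.MRUList) { $key.MRUList.ToCharArray() } else { @() }
    foreach ($letter in $order) {
        $name = [string]$letter
        $raw  = $key.$name
        if ($raw) {
            # Explorer appends "\1" to each stored command; strip it.
            [PSCustomObject]@{
                Slot    = $name
                Command = $raw -replace '\\1$', ''
            }
        }
    }
}

function Find-ClickFixCandidates {
    # Require two indicators so a lone "powershell" typed by an admin is not flagged.
    Get-RunMruEntries | Where-Object {
        $cmd = $_.Command.ToLowerInvariant()
        @($suspiciousPatterns | Where-Object { $cmd.Contains($_) }).Count -ge 2
    }
}

$hits = @(Find-ClickFixCandidates)
if ($hits.Count -eq 0) {
    Write-Host 'No ClickFix-style Run entries found for the current user.'
} else {
    Write-Warning "Found $($hits.Count) suspicious Run-dialog entries; treat the host as possibly infostealer-infected:"
    $hits | Format-Table -AutoSize
}
```

A hit means the user pasted such a command at some point; the next step is to pull the host's clipboard-capable browser sessions and credentials into incident handling, since the page's feedback loop starts with exactly those stolen logins.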

Research analyzing data from the ClickFix Hunter platform, which tracks over 1,600 active malicious domains, uncovered a startling pattern. Cross-referencing these domains with Hudson Rock’s database of compromised credentials revealed 220 domains, approximately 13%, that are simultaneously hosting ClickFix campaigns and have administrative credentials exposed in infostealer logs. This correlation proves a causal relationship; legitimate businesses whose administrators were infected by infostealers have had their websites hijacked to distribute the same malware that compromised them.

This feedback loop creates exponential growth in attack infrastructure. As more computers get infected, more credentials are stolen. More stolen credentials lead to more compromised websites, which expand the surface area for ClickFix campaigns, resulting in additional infections. The cycle becomes self-sustaining. The decentralized nature of this infrastructure makes disruption extremely difficult. Rather than operating from dedicated malicious servers, attackers hide within thousands of legitimate hosting providers using compromised business websites.

To read the complete article see: Cyber Security News.

This post is licensed under CC BY 4.0 by the author.